December 20, 2010, 4:39 PM — A team of researchers in Canada recently released the results of a study in which they created a botnet strictly for experimental purposes. The simulation allowed the researchers at Ecole Polytechnique de Montreal, with collaborators at Nancy University in France and Carleton University in Ottawa, to observe the botnet's behavior while keeping it from infecting other machines.
Botnets are large, complex distributed systems consisting of several thousand and, in some cases, millions of computers, often exploited by criminals for nefarious activity such as sending out spam, launching denial-of-service attacks, or installing spyware.
"Practically all internet users have experienced the ill effects of botnets, whether by receiving large volumes of spams daily, having their confidential information stolen, lost access to critical Internet services," the researchers state in a summary of the results.
To gain more insight into what the researchers called "one of the most worrying computer security threats," the experiment recreated an isolated version of the Waledac botnet. Waledac, which was taken down by Microsoft earlier this year, at one point consisted of an estimated 70,000-90,000 infected computers and was responsible for as much as 1.5 billion spam messages a day.
For the research, approximately 3,000 copies of Windows XP were loaded onto a cluster of 98 servers at Ecole Polytechnique. Nodes were infected with the Waledac worm by loading it onto them from DVDs, instead of connecting to other machines. Researchers noted the infected network was disconnected from any other network at all times.
The machines in the network created for the experiment communicated with one another in the same way computers in a distributed computing system would, with a command-and-control server that sends instructions to some machines, which then pass those instructions on to other machines. This is how a botnet is able to keep adding zombie computers to its network.