Last Updated: Fri, 22 Apr 2011 > Related Articles
Describes a botnet and the impact.
A "botnet" is a network of compromised computers. The computers are infected with one or more trojans that make outbound connections to IRC servers. When they arrive at the IRC servers, they are given commands to perform actions such ddos attacks and spam runs. Also, all modern trojans have keystroke loggers, so as soon as the bots connect to an IRC server, the trojan runner can pull financial information, passwords, etc. from the victim's computer.
The next time that computer is connected to the Internet, that trojan will start up an IRC client and connect to a server. Sometimes it is a real IRC server, but more often these days it is an IRC server which has been set up on a shell account and paid for with a stolen credit card. The trojan will also have been coded to make the bot join a certain channel once it has connected.
The trojan may have got on to the person's computer by being wrapped up in a file that looks innocent - usually a game crack, email attachment or it can simply be named to make you think it's an anti-virus program! It may have been installed on the computer because there was some hidden code on a website that a person visited, which downloaded it to their machine.
The major difference between a bot in a botnet, and your common eggdrop or IRC client script bot in a channel, is that the botnet variety have been created with a trojan and, almost always, without the knowledge of the person whose computer they are running from.
Some of these trojans can not be identified with anti-virus software. You may have to reformat your machine to destroy the trojan.