The new era of botnets

Jump to navigation Jump to search

(Publication) Google search: [1]

The new era of botnets
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2010 /
Editor/Conference McAfee Labs
Author Zheng Bu, Pedro Bueno, Rahul Kashyap, Adam Wosotowsky
Type White paper


Robot networks, popularly known as botnets, have a varied history. In essence, a bot is simply a series

of scripts or commands or a program that is designed to connect to something (usually a server) and execute a command or a series of commands. Essentially it performs various functions. It needn’t be malicious or harmful.

Bots and their uses have evolved from the simple channel or game watchers (for example, Wisner’s Bartender and Lindahl’s Game Manager bots) to providing specialized services such as managing databases or maintaining access lists. This report covers a very different use: the “herding” of bots (also called drones or zombies) by cybercriminals to support their criminal activities.

As they affect corporations, these criminal activities can include stealing trade secrets, inserting malware into source code files, disrupting access or service, compromising data integrity, and stealing employee identity information. The results to a business can be disastrous and lead to the loss of revenue, regulatory compliance, customer confidence, reputation, and even of the business itself. For government organizations, the concerns are even more far reaching.

We will look at how criminal bots have evolved, the industry that supports their creation and distribution, and how they are used today by various cybercriminal groups. We will also suggest where we believe bots are headed in the near future.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR796,
   editor = {McAfee Labs},
   author = {Zheng Bu, Pedro Bueno, Rahul Kashyap, Adam Wosotowsky},
   title = {The new era of botnets},
   date = {23},
   month = Feb,
   year = {2010},
   howpublished = {\url{}},