How a botnet works: 1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers, whose payload is a malicious application — the bot. 2. The bot on the infected PC logs into a particular command and control (C&C) server (often an IRC server, but, in some cases a web server). 3. A spammer purchases access to the botnet from the operator. 4. The spammer sends instructions via the IRC server to the infected PCs, causing them to send out spam messages to mail servers. (Photo credit: Wikipedia)
Want to create a huge botnet to distribute malware, pump out spam, crack passwords or knock your enemy’s website offline?
Don’t bother with designing malware to break into strangers’ computers. Instead, say two researchers, all you need to do is spend a few bucks buying online ads, which can hijack tens of thousands of Web browsers across the world — no hacking required.
Last month at the Black Hat security conference in Las Vegas, Jeremiah Grossman and Matt Johansen, the founder/chief technology officer and threat-research manager of White Hat Security in Santa Clara, Calif., showed how an online ad network could be used to create what they called a “million browser botnet.”
“There’s no malware to detect, no exploits,” Grossman said. “We’re not really hacking stuff. We are using the Web the way it was meant to be used.”
The World Wide Web is a fundamentally insecure system, Grossman and Hansen explained. Browsers are designed to serve you as much data as possible without authentication, and nowhere is that more true than with online ads.
“When you visit a Web page,” Grossman said, “by nature of the way the Web works, it has near-complete control of your browser for as long as you are at that Web page … The JavaScript or Flash on that page can force your browser to do basically whatever it wants.”
Grossman and Johansen showed how HTML and JavaScript, the programming languages underlying most Web pages, could be used to probe Web browsers for user settings and login information, force browsers to attack websites in several different ways, break into corporate networks or spread malware.
The problem with these attacks, however, is that they are limited in scope. Whether you’re distributing the evil code through a highly trafficked site, search-engine poisoning or third-party widgets such as weather trackers, you’re not going to attain the critical mass for a truly efficient browser-based botnet.
“We need to think bigger,” the researchers said, then quoted JavaScript pioneer Douglas Crockford: “The most reliable, cost-effective method to inject evil code is to buy an ad.”
Ads: the perfect malware distribution system
There are nearly two dozen major ad networks, Grossman and Johansen said, but most of them won’t let ad suppliers include code with their ads. However, there are hundreds of smaller ones that don’t ask as many questions.
The Latest Bing News on:
Browser Botnet
- Researchers warn of two new variants of potent IcedID malware loaderon March 27, 2023 at 1:48 pm
The new IcedID variants are likely used for ransomware delivery, and researchers expect new variants to emerge.
- ‘Nexus’ Android Trojan Targets 450 Financial Applicationson March 23, 2023 at 5:02 am
Promoted as a MaaS costing $3000 per month, the new Nexus Android trojan targets 450 financial applications for account takeover.
- New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attackson March 19, 2023 at 2:08 pm
The new botnet was discovered by researchers at Akamai at the start of the year, who caught it on their HTTP and SSH honeypots, seen exploiting old flaws such as CVE-2014-8361 and CVE-2017-17215.
- Source Of Evil – A Botnet Code Collectionon March 18, 2023 at 5:01 pm
In case you’re looking for a variety of IRC client implementations, or always wondered how botnets and other malware looks on the inside, [maestron] has just the right thing for you. After years ...
- Go-based HinataBot latest botnet to focus on DDoS attackson March 18, 2023 at 9:03 am
A new Go-based malware is the latest botnet focused on distributed-denial-of-service (DDoS) attacks. The malware apparently is named "Hinata" by the malware author after a character from the ...
- Botnet that knows your name and quotes your email is back with new trickson March 13, 2023 at 4:38 pm
Widely regarded as one of the Internet’s top threats, the Emotet botnet has returned after a months-long hiatus—and it has some new tricks. Last week, Emotet appeared for the first time this ...
- IoT botneton February 25, 2023 at 4:00 pm
We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a set of specific brand of web camera or printer or ...
- The Active Directory Botneton March 30, 2020 at 10:29 am
Ltd. visit the Dark Reading News Desk to explain why and how an attacker could build and operate an entire botnet inside your organization. Not just one bot; the entire botnet. Watch all 45 News ...
- voluntary botneton February 21, 2019 at 9:52 pm
While most botnets use compromised computers without their owners' knowledge, users in a voluntary botnet allow their computers to be taken over to increase the traffic that overloads the Web servers.
The Latest Google Headlines on:
Browser Botnet
[google_news title=”” keyword=”Browser Botnet” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
The Latest Bing News on:
Browser-based botnet
- PyScript: Python In The Web Browseron March 27, 2023 at 5:00 pm
However, if it works well, the promise is not just that you can write browser-based applications in Python — you’ll have a handy way to reuse existing Python code and even be able to run the ...
- Researchers warn of two new variants of potent IcedID malware loaderon March 27, 2023 at 1:48 pm
The new IcedID variants are likely used for ransomware delivery, and researchers expect new variants to emerge.
- Browser-based MMORPG Market - Global Industry Analysis, Size, Share, Growth, Trends, and Forecast, 2023 - 2030 with an impressive CAGR of 10.8%.on March 25, 2023 at 7:19 pm
Mar 25, 2023 (Prime PR Wire via Comtex) -- This market research report shows the present level and the future prospects of the "Browser-based MMORPG Market" from 2023 to 2030. This entire report ...
- This new botnet could launch a devastating DDoS attack at any timeon March 20, 2023 at 4:07 am
Cybersecurity researchers from Akamai have discovered a new botnet that is reportedly capable of launching 3.3 Tbps Distributed Denial of Service attacks. The researchers’ honey ...
- New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attackson March 19, 2023 at 2:08 pm
A new malware botnet was discovered targeting Realtek SDK ... while HinataBot first appeared in mid-January 2023. It seems to be based on Mirai and is a Go-based variant of the notorious strain.
- Go-based HinataBot latest botnet to focus on DDoS attackson March 18, 2023 at 9:03 am
A new Go-based malware is the latest botnet focused on distributed-denial-of-service (DDoS) attacks. The malware apparently is named "Hinata" by the malware author after a character from the ...
- Botnet that knows your name and quotes your email is back with new trickson March 13, 2023 at 4:38 pm
Widely regarded as one of the Internet’s top threats, the Emotet botnet has returned after a months-long hiatus—and it has some new tricks. Last week, Emotet appeared for the first time this ...
- IoT botneton February 25, 2023 at 4:00 pm
We start with a botnet. This is when a bunch of Internet-connected devices are compromised and controlled by a malicious user. This could be a set of specific brand of web camera or printer or ...
- Browser-based MMORPG Market (New Research Report) By 2023 Which is Experiencing Strong Growth in the Globe till 2029on February 20, 2023 at 4:16 pm
Feb 21, 2023 (The Expresswire) -- Browser-based MMORPG Market | Outlook 2023-2029 | Pre and Post-COVID Research is Covered, Report Information | Newest 100 Pages ReportBrowser-based MMORPG Market ...
- What is a LockDown Browser & how does it work?on December 15, 2021 at 7:45 pm
We’ll try to cover it all in today’s post. The LockDown Browser from Respondus is an Artificial Intelligence-based proctor, a kind of virtual surveillance system useful for both, remote and ...
The Latest Google Headlines on:
Browser-based botnet
[google_news title=”” keyword=”browser-based botnet” num_posts=”10″ blurb_length=”0″ show_thumb=”left”]
