What is a Botnet?
A Botnet is a networked collection of compromised machines called robots. It is largely used to conduct espionage operations and steal sensitive information via controlled nodes, a.k.a. Botmasters. These machines are then used to carry out a concerted attack.
How do Botnets infect systems?
The techniques botnets use to infect other machines and recruit new bots are simple. Individual bots are dispersed geographically across the world and across the entire IP address space. In most cases, infection relies on a host of social engineering tactics. In addition, thumb drives and other types of common media can be used to distribute bot code, which is generally installed via the Autorun and AutoPlay features on machines running Windows. So, systems running Windows are the most vulnerable to Botnet attacks. Drive-by downloads are another route: a user visits a website and malware is downloaded by exploiting web browser vulnerabilities. The use of plug-ins and add-ons in browsers has seen an upward trend in recent years. As such, browser-based attacks have surfaced regularly and contributed significantly to the rise in infections via drive-by downloads.
Botnet Tracker
A Botnet is designed with the specific intention of carrying out large-scale click fraud and Bitcoin mining. A Botnet Tracker is a tool that can be used to analyze its malicious architecture and activity in real time. Tracking botnets is not easy, since the power of a botnet is a measure of the size or number of machines infected. Therefore, tracking botnets involves a multi-step strategy, and different botnet detection tools and techniques are deployed in the process. For instance, websites dedicated to tracking some of the infamous botnets, such as Zeus Tracker, track the Zeus botnet’s Command & Control servers (hosts) around the world to provide users with a domain and IP blocklist. The statistics help reveal some useful information about crimeware. The main focus lies in giving system administrators an option to block well-known hosts and to avoid and detect infections in their networks. For this purpose, the Botnet tracker from TrendMicro offers several blocklists. These blocklists are offered in various formats and for different purposes. Additionally, the tool from TrendMicro can help CERTs, ISPs and LEAs (law enforcement agencies) track malicious hosts in their network or country that are online and running botnet code. Although the real power of a botnet is difficult to determine, implementing these strategies in combination can help identify the threat in the first instance and avert losses. This Global Botnet Visualizer keeps you up-to-date on Bot activity.
Lookingglasscyber.com displays a real-time map that shows the actual data from their threat intelligence feeds. It shows infections per second and live attack statistics, and tracks botnets like Sality, Mobile, Conficker, ZeroAccess, APT, Trojan, TinyBanker, Clicker, Ramdo, Shiz, Flashback, Sensor, and Dyre. Visit malwaretech.com and click on the Connect button to see live Botnets in action worldwide. This Botnet Tracker allows you to track the activities of the Sality4, Kelihos, Necurs, Gozi and Mirai botnets.
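
The blocklist use described above, checking hosts' DNS lookups and outbound connections against a tracker's domain and IP blocklist to spot infected machines, shown as an added example that is not from the original article or from any tracker project. The blocklist layout, the log format, and every host name and address are constructed assumptions.

```python
import ipaddress

# Constructed blocklist; the layout (one entry per line, '#' comments) is assumed.
SAMPLE_BLOCKLIST = """\
# known C2 hosts (constructed, documentation ranges only)
c2.example.net
198.51.100.0/24
203.0.113.7
"""

# Constructed log lines, assumed format: "<time> <client> <dns|conn> <destination>"
SAMPLE_LOG = """\
2024-01-01T10:00:00Z 10.0.0.5 dns www.example.org
2024-01-01T10:00:02Z 10.0.0.8 dns update.c2.example.net.
2024-01-01T10:00:03Z 10.0.0.8 conn 198.51.100.23
2024-01-01T10:00:04Z 10.0.0.9 conn 203.0.113.8
2024-01-01T10:00:05Z 10.0.0.9 dns notc2.example.net
"""

def load_blocklist(text):
    """Split a blocklist into a set of domains and a list of IP networks."""
    domains, networks = set(), []
    entries = (l.split("#", 1)[0].strip().lower() for l in text.splitlines())
    for entry in filter(None, entries):  # skip blank and comment-only lines
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:  # not an IP or CIDR, so treat it as a domain
            domains.add(entry.rstrip("."))
    return domains, networks

def is_blocked(dest, domains, networks):
    """True if dest is a listed IP, a listed domain, or a subdomain of one."""
    try:
        addr = ipaddress.ip_address(dest)
        return any(addr in net for net in networks)
    except ValueError:  # a host name: compare on label boundaries only
        labels = dest.lower().rstrip(".").split(".")
        return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def find_infected_clients(log_text, domains, networks):
    """Return {client: [blocked destinations]} for hosts that reached a listed C2."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and is_blocked(fields[3], domains, networks):
            hits.setdefault(fields[1], []).append(fields[3])
    return hits

if __name__ == "__main__":
    print(find_infected_clients(SAMPLE_LOG, *load_blocklist(SAMPLE_BLOCKLIST)))
```

Matching on label boundaries flags `update.c2.example.net` while leaving `notc2.example.net` alone, which a plain substring test would wrongly report.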