Let there be botnets. - Security - SPAM - Computer
Posted on: 2009-05-09 12:53:18

Last night, right as I was about to pass out, I got the familiar click from my phone telling me I got a text message. I picked it up, read it, saw that it was comment spam on this page (because every comment gets forwarded to me via text message), deleted it, and lay back down. About 30 seconds later, I got another one, which I expected. I don't know why, but every time one gets through, two more tend to follow. So I picked up my phone only to see there were 7 messages waiting to be read. As I was reading the message "You have 7 messages." my phone clicked again...up to 9 now. I sighed and set the phone down. After a couple more clicks I had to do something. I got up, turned captchas on for all the posts, and set about deleting messages. I checked the log and between 3:38am and 3:47am, I had 114 attempts to comment on my page. 14 of those went through. And these attempts came from about 50 different IP addresses. It seems we are getting some botnet love.

I don't know that I have really ever mentioned botnets on the page before, so I figured this would be as good of a time as any. Honestly, it is not the most exciting of content, but what the hell, neither is anything else I put up here. Botnets consist of hundreds to millions of computers linked together. They can be used for coordinated attacks on large networks, search and scrub jobs, or even just doing data processing. One of the key advantages of botnets is their distributed nature. If one computer were attacking a network, it would be easy to block it out. But if millions are attacking, all from totally random vectors, it is much harder to defend against. Being distributed also means each individual computer has far less to do, so even while a computer is executing an attack, it is not using much processing power and the owner is less likely to notice it is infected.

A botnet typically has three components: a herder, a control server(s), and bots. The bots (robots, zombies) are computers infected with some sort of client software for a particular botnet. Normally, this is put into place via a worm or virus and hides as a background process. It will use a little bit of processing power and bandwidth to execute whatever command it has gotten from the control server. The control server(s) is typically an IRC server sitting on a computer with a fat bandwidth pipe. Its purpose is to have a single point of contact for the bots. All of the bots will connect to it and sit idle until a command is issued. The commands come from the herder, which is just some person sitting somewhere who periodically connects to the control server and tells the bots what to do.

Now one of the tasks some botnets do in their off time is spamming. They scour the net searching for sites to post to. Some spam advertising links, while others post spam that fits a pattern, as a proof of concept (there is a name for this, 'white noise spam', but I can't remember it). If it weren't for these, we would probably never get spam.
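
The numbers from the log above (114 attempts from about 50 addresses in nine minutes) show why blocking by address does so little against a botnet. The sketch below is an added example, not code from this site: it compares a per-IP limit with a site-wide sliding-window check that could switch captchas on automatically. The log format, the thresholds and the 192.0.2.x addresses are all assumptions made up for the illustration.

```python
from collections import Counter, deque
from datetime import datetime, timedelta

def parse(line):
    """Parse a constructed 'YYYY-MM-DD HH:MM:SS ip' comment-attempt line."""
    date, time, ip = line.split()
    return datetime.fromisoformat(f"{date} {time}"), ip

def per_ip_offenders(events, limit):
    """Addresses with more than `limit` attempts: the classic per-IP block list."""
    counts = Counter(ip for _, ip in events)
    return {ip for ip, n in counts.items() if n > limit}

def sitewide_burst(events, window, max_attempts, min_ips):
    """Return the first timestamp at which the sliding window holds more than
    `max_attempts` attempts from at least `min_ips` distinct addresses."""
    recent = deque()       # attempts currently inside the window
    in_window = Counter()  # attempts per address inside the window
    for ts, ip in sorted(events):
        recent.append((ts, ip))
        in_window[ip] += 1
        # Drop attempts that have aged out of the window.
        while recent[0][0] <= ts - window:
            _, old_ip = recent.popleft()
            in_window[old_ip] -= 1
            if in_window[old_ip] == 0:
                del in_window[old_ip]
        if len(recent) > max_attempts and len(in_window) >= min_ips:
            return ts      # the moment to turn captchas on
    return None

def sample_log():
    """Constructed log: 114 attempts from 50 addresses, 03:38 to 03:47."""
    start = datetime(2009, 5, 9, 3, 38, 0)
    return [f"{start + timedelta(seconds=i * 540 // 114)} 192.0.2.{i % 50 + 1}"
            for i in range(114)]

EVENTS = [parse(line) for line in sample_log()]

if __name__ == "__main__":
    print("per-IP offenders:", per_ip_offenders(EVENTS, limit=5))
    print("site-wide burst at:",
          sitewide_burst(EVENTS, timedelta(minutes=1), max_attempts=10, min_ips=5))
```

No single address in the constructed log makes more than three attempts, so the per-IP list stays empty, while the site-wide check trips within the first minute.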


Zomnet?
Posted: 2009-05-11 05:56:22, by Joe (dad-in-law)

I think Zomnet sounds more interesting. How do you tell if your computer has one of these and how do you clean them off?

Joe

Comments on old posts.
Posted: 2009-05-20 10:17:23, by Joe (Dad-in-Law)

Noticed on Writing in Green the old post got moved to the top of the recent comments so I thought I would try it here.

Joe

Yup
Posted: 2009-05-20 11:32:17, by talam

It keeps track of the five posts that have most recently received a comment. Basically it is so people can follow the most recent activity on the site, even when it doesn't come from me.

