A botnet is a collection of computers, or bots, that have been compromised by some sort of malicious software. This software gives the attacker the ability to control the bot remotely. Botnets can vary greatly in size, from a handful of computers to hundreds of thousands. One such example of a very large botnet is the Storm botnet. The malicious software spreads like a normal computer virus, in which each infected machine attempts to infect more machines using methods such as sending infected files over peer-to-peer networks or sending spam emails with infected attachments. Once a computer has been compromised, an IRC bot is installed. IRC stand for Internet Relay Chat, which is a form of real time chat, usually used for large group conversations. Typically, the IRC bot connects to a specific IRC channel, where it waits for instructions. The attacker can then issue commands to the bots through that IRC channel.
The ability to control so many internet-connect computers at once allows the controller of the botnet to gain unfair advantages in situations that can be explained by network theory. One could only dream of having such an advantage in other situations: imagine being able to command 50,000 people to vote for a particular person, or to invest in a particular stock! One example of an unfair advantage is Google AdSense abuse. Companies that use AdSense can display ads on their website that earn the company money every time that they are clicked. An attacker could abuse AdSense by creating a website that displays these advertisements, and then instructing a botnet to repeatedly click on the ads, generating unfairly earned income. One could imagine this scenario using our knowledge of market interaction: Imagine an auction where there is one seller (Google) with unlimited supply of a good that they value at zero. The seller is connected to a single trader (the AdSense user), who is connected to a very large number of buyers. The trader varies his offer to the buyers by changing the contents of his website. The ads displayed on the website adapt to its content, so they would change also. The buyer’s value could be how interesting the ad looks, and their cost of clicking the ad could be the time spent. In this case, the trader isn’t just strictly a trader, he has an affect on how the buyers value the good. So, assuming the trader is rational, it would be in his best interest to maintain an interesting website so that more people will value the ads enough to click on them.
But what about the case of the trader being able to control a botnet? In this case, the botnet controller simply tells a large amount of buyers to buy his good (clicking on the ads). In this situation, the Trader has no incentive to create an interesting website. So in this simple auction model, the buyer ends up losing, since they end up buying the good at a price greater than they value it. This interpretation does not translate exactly back into the real life scenario, because there isn’t a person that is actually forced to click on the ads. Instead, one could say that the buyer loses because the computer user experiences a slowdown while their computer is clicking on ads by itself. There is another entity that loses due to a botnet. A company paid Google to create an ad in order in order to bring people to the company’s own website, possibly to purchase things. However, if all of their ad clicks come from a botnet, they won’t make any sales. In the end, a botnet controller has the ability to “cheat” in the AdSense market, profiting at the expense of others.
Sources:
* You can follow any responses to this entry through the RSS 2.0 feed.