Zscaler Data Protection Recognized as a 2023 Product of the Year by CRN

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

Botnets For Everybody!

March 12, 2009 - 2 min read
BBC's Click technology program decided to demonstrate the SPAM power of botnets by directing 22,000 zombies in their own personal botnet. Sure, a lot of people are questioning the legality of this stunt, but that's not what really caught my attention. Most live hacking demonstrations involving real targets are legally questionable anyways, and despite the laws many people feel entitled (and sometimes even obligated) to do XSS and SQLi testing against arbitrary web applications on the Internet.

What caught my eye was a few interesting choice remarks made in the article. First, they called their 22,000 node botnet "low-value." What, pray tell, makes this botnet particularly low value? Is it what hackers would charge to rent/sell it? Is it the number of nodes (a mere 22,000)? I think this is a great illustration of the inflated grandness that media has really driven to botnet stories...apparently botnets under a quarter-million nodes are worth less consideration. Yet by the article's own admission, it only took a scant 60 nodes to DDoS their target website off the Internet. Make no mistake, 22,000 nodes at an attacker's command can do a considerable amount of damage to just about any target. There are even supercomputers listed on the
world's top 500 supercomputers list that leverage far fewer than 22,000 nodes. I would hardly trivialize a 22k node botnet with the label "low-value," as it desensitizes everyone to the overall threat that any sized botnet can represent.

Second, the article mentions they "acquired" their own botnet "after visiting some chatrooms" on the Internet. I wish they had provided a bit more details here...did they troll chat rooms until they found a botnet for sale, and purchase it? Or did they intercept an IRC-based command and control channel of the bots, thus hijacking the botnet to do their bidding? Either way, their candor regarding the ease of acquiring a botnet seems strange. I would think the story of how anyone can "visit some chatrooms" and walk away with a botnet would be more sensational than filling some demo inboxes with spam.

As an aside, the "how a botnet works" graphic they include in the article was a bit weird as well; the truncated version you see in the article leaves a lot to be desired ("Hacker -> virus"?). You have to click on the image to get the full chart, and then things become clear.

Until next time,
- Jeff
form submtited
Thank you for reading

Was this post useful?

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.