A botnet is a group of computers that have been hacked and had their settings modified so that they forward harmful information to other machines on the internet. The settings of these computers are usually changed without the knowledge of their owners. Therefore most of the computers connected to the internet might be bots while their users are, in most cases, unaware (Brenner, 2007). Computers whose settings have been manipulated in this way are called zombies. Zombies work as computer robots, executing instructions sent to them by their master, the master being the source of the virus or the harmful information.
Many of the zombies have been found to be computers used at home. The reason is that the majority of home users do not protect their machines by installing security software. At the same time, they mostly use high-speed internet connections, which are the ones most commonly targeted by hackers. Zombies are mainly created through an internet port that has been left unused. The unused port forms an ideal place to which a very small program called a Trojan horse can be attached and then activated whenever it is required.
To activate it, the master can simply send information through an Internet Relay Chat (IRC) channel. The master can order all the zombies to send information to a particular host (mainly a website). This causes so much traffic to the host that the website might be shut down because the service becomes unavailable. In most cases, these programs or botnets are created with only one objective: to shut down, or steal vital information from, a rival company or competitor. This can be a real danger to businesses and companies that depend on computers for the day-to-day running of their services.
Botnets occur across a number of network connections, including wireless and landline. They are also created within a variety of networks, such as governmental, college and security networks. The master controller can create a zombie inside one of these networks where there is a high-speed internet connection. The high speed can then be used to support and serve more botnets. In the recent past, several botnets have been impounded and destroyed by the police. For example, 1.45 million connections of botnets were once destroyed in the Netherlands (Piazza, Feb, 2006).
Studies also indicate that, in the near future, a quarter of all home-based computers will be hacked and used as botnets. Botnets are usually served by servers set up in places with high-speed internet connections. A group of botnets is also controlled by a master controller. The master controllers do not usually have a definite way of communicating and always depend on their neighbors to achieve this. Sometimes the information from these controllers clashes, mainly over the machines they control and the nature and type of instructions they are required to execute.
A botnet can be created and used in the following manner. First, a botnet user or controller sends harmful information in the form of viruses and worms to an uninfected computer. Once the uninfected computer receives this information, it is automatically infected, which makes it a zombie. Once the virus has entered the computer, it settles in the web server. Other harmful information, mainly sent by the master controller, can then enter the computer. This usually includes spam, which mainly instructs the infected computer to send spam messages to other nodes.
Botnets are mainly created by hooligans for various reasons. These reasons include withholding important services from users, generating spam messages, spying on users and accessing their private information, e.g. passwords, login names and credit card numbers. Botnets therefore compete with one another to infect more computers with high-speed internet connections so as to make their objectives easier to achieve. The ones that establish networks in places with high-speed internet connections and larger bandwidth become successful (Washington Times, December 8, 2007).
Botnets can cause numerous kinds of problems on the net. In the first instance, they deny users the services they request. This usually occurs when the controller instructs other computers in the botnet to access one machine. By doing this, they jam the other machine, making it nonfunctional. Botnets also allow adware to run. Once it runs, this software can execute services such as displaying a commercial advert without the consent of the company or the user. Spyware also gains access through botnets and spies on the activities the users are working on.
Botnets also result in the generation and sending of malicious and destructive messages on the net. These messages are mainly known as spam. Lastly, there is the emergence of click fraud, whereby a computer redirects itself to other sites, creating traffic congestion without the consent and knowledge of the user. This slows down the processing of important and useful information (Elliott, June, 2007). Botnets can also be identified and prevented, but achieving this is not easy. In the first place, the existence of a botnet is not easy to identify.
The nature of the zombies that make up a botnet and the geographical distance between them make it hard to identify the individual machines. Recently, however, there have been findings that operating system fingerprinting can be used to scan for attacks originating from a botnet. Botnets can also be identified by detecting their communication behavior. A bot usually communicates with the master controller by receiving instructions and sending back a response. Most botnets communicate through IRC (see appendix A).
IRC has therefore been identified as a point where bots can be detected. Botnets can be detected through IRC by offloading traffic from a working IRC. The offloaded traffic is then inspected to identify commands and instructions that resemble, and are suspected to be, those of botnets. Bots can also be identified by observing their behavior. Studies have found that, in most cases, bots on IRC remain dormant most of the time, but when they receive a command they react very fast (Piazza, June, 2006).
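The dormant-then-fast-reaction behavior described above can be turned into a simple check over captured channel traffic. The following is an added example, not code from the cited studies; the one-line log format, the nicknames and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample capture: "<epoch-seconds> <channel> <nick> :<text>"
SAMPLE_LOG = """\
1000 #lobby alice :anyone around?
1000 #x9 zk3a :joined
1001 #x9 q7pm :joined
1002 #x9 w2lf :joined
1042 #lobby bob :yes, hi
1650 #lobby alice :lunch?
1900 #x9 op :!status
1900.4 #x9 zk3a :ok 1
1900.6 #x9 q7pm :ok 1
1900.9 #x9 w2lf :ok 1
1960 #lobby bob :sure
""".splitlines()

def parse(line):
    ts, channel, nick, text = line.split(" ", 3)
    return float(ts), channel, nick, text.lstrip(":")

def suspect_bots(lines, max_latency=2.0, min_idle=300.0, min_responders=3):
    """Return {channel: (likely_controller, sorted responder nicks)}."""
    by_channel = defaultdict(list)
    for ts, channel, nick, _ in sorted(map(parse, lines)):
        by_channel[channel].append((ts, nick))
    findings = {}
    for channel, msgs in by_channel.items():
        last_seen = {}  # nick -> time of its most recent earlier message
        for i, (ts, sender) in enumerate(msgs):
            responders = set()
            for ts2, nick in msgs[i + 1:]:
                if ts2 - ts > max_latency:
                    break  # reply window closed
                # Dormant before the message, then a near-instant reply.
                idle = ts - last_seen.get(nick, ts)
                if nick != sender and idle >= min_idle:
                    responders.add(nick)
            if len(responders) >= min_responders:
                findings[channel] = (sender, sorted(responders))
            last_seen[sender] = ts
    return findings
```

A nick with no earlier traffic in the capture is never counted, because its dormancy has not been observed; a longer capture window therefore gives better coverage.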
This behavior has been used to detect bots and has been found to be very successful. Once one bot has been detected, it is easier to detect the rest, since bots communicate within the botnet and the messages they exchange can be tapped and scrutinized to identify the other bots that form the botnet.

Document Metadata:

Metadata generally means data about data. This could be any kind of data, depending on the type of media. Metadata usually contains information that describes what is contained in the data or a group of data.
Metadata is usually used to monitor data and to make it easy to use and track. When used in the right way, metadata provides quick and easy access to documents, but when used in the wrong way it might leak important information to unauthorized users, who might use the opportunity to damage or destroy the company's important information. Many office applications create the metadata automatically whenever they are used. The metadata is then saved together with the created document in the same file.
Therefore most documents that are created and sent are accompanied by unseen details. The most unusual behavior of metadata is that, instead of holding only abstract information, e.g. the time and day the document was prepared and in-depth information about the document file, most programs have been found to allow navigation and tracking of all the changes made to the document. This includes saving and displaying the various 'undo' steps and the comments that were made on the document before it was sent (Albers, 2005).
This information can be obtained by the recipient of the document, which can result in complaints and distrust between the parties. Metadata was created mainly to enable users to arrange, reach and make necessary revisions to the files they have received. For example, metadata can carry unseen information about the sender and where the document is stored. It also includes the past records of the document, which can help the recipient compare the changes made to it. Therefore metadata, rather than being insecure, serves a very important purpose.