Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Want to know more about malicious bots

  • Please log in to reply
2 replies to this topic

#1 ering


  • Members
  • 3 posts
  • Local time:09:40 PM

Posted 28 October 2013 - 11:14 PM

Do malicious bots spread and infect external storage like USB drives, or do they usually just stay put once installed on a victim's computer? Are they non-replicating like Trojans? 

BC AdBot (Login to Remove)


#2 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:12:40 PM

Posted 29 October 2013 - 05:26 AM

This may answer some of your questions -
What Is the Difference: Viruses, Worms, Trojans, and Bots?

From Cisco -

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:40 PM

Posted 29 October 2013 - 09:06 AM

What is a Botnet? - Bots and Botnets A Growing Threat
What is a Zombie Bot? - What is a Botnet (Zombie Army)?
What is an IRCBot?

Spreading Bots
Some bots include worm functionality for spreading themselves through exploits, a mechanism that early malicious botnets used widely. Today, however, vulnerabilities that are conducive to worm activities are rare and herders rely heavily on social engineering to distribute malware to victims. One leading method involves distributing infected files on P2P networks, purportedly as pirated copies of software or films. Another way is through drive-by downloads in which the attacker hosts a webpage (or compromises a legitimate one) with malicious code that downloads the bot malware to vulnerable computers that visit.

After the botnet is up and running, it can be used to attack and infect additional computers. Bot-herders can designate a few nodes as malware servers, using various techniques to disguise their locations and to provide protection in case one or more of them are discovered and shut down. Other nodes can be used to send spam with links to exploit-laden pages on the malware servers, using various forms of social engineering to lure recipients to click the link in the message. Committed bot-herders can use these techniques to build networks of thousands of compromised computers over time.

How Does Botnets Work?

For example, Zbot/Z-Bot/Win32/Zbot (Zeus) and many other bots rely heavily on social engineering in order to infect computers. Spam emails are used by attackers in an attempt to trick the user into opening the email and clicking on links within it. Attackers have been known to use exploit packs in order to craft Web pages to exploit vulnerabilities in system and application software and spread the threat in a drive-by downloads.

Like most botnet families, Win32/Zbot is based on the client-server model; it requires a command and control (C&C) server to which the bots connect to receive instructions from the botnet operator. A kit to set up a server is sometimes bundled with the base Win32/Zbot kit, or can be obtained from other black market sellers...Attackers use a number of different methods to spread bots, including spam, social engineering, exploiting vulnerabilities in system and application software, and using other malware families to download and install bots to infected computers. The Win32/Zbot server itself is frequently packaged with exploit packs that can be used to help spread botsfor example, by automatically finding websites that are vulnerable to SQL injection and uploading exploit code that targets site visitors.

How Win32/Zbot Works

Zbot is also known to download CryptoLocker Ransomware as a secondary payload.

For more information about malware vectors, please read:
Malware Infection Vectors: Past, Present, and Future
How Malware Spreads - How did I get infected
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users