1.3 Rootkits != Malware

Eudora (when it was still owned by Qualcomm) included adware functionality to help manage development and maintenance costs.

In some cases, adware also tracks personal information and thus crosses over into the realm of spyware, which collects bits of information about the user without his or her informed consent. For example, Zango's Hotbar, a plugin for several Microsoft products, in addition to plaguing the user with ad pop-ups also records browsing habits and then phones home to Hotbar with the data. In serious cases, spyware can be used to commit fraud and identity theft.

Rise of the Botnets

The counterculture in the United States basically started out as a bunch of hippies sticking it to the man (hey dude, let your freak flag fly!). Within a couple of decades, it was co-opted by a hardcore criminal element fueled by the immense profits of the drug trade. One could probably say the same thing about the hacking underground. What started out as a digital playground for bored netizens (i.e., citizens online) is now a dangerous no-man's land. It's in this profit-driven environment that the concept of the botnet has emerged.

A botnet is a collection of machines that have been compromised (a.k.a. zombies) and are being controlled remotely by one or more individuals (bot herders). It's a huge distributed network of infected computers that do the bidding of the herders, who issue commands to their minions through command-and-control servers (also referred to as C2 servers, which tend to be IRC or web servers with a high-bandwidth connection).

Bot software is usually delivered as a payload within a virus or worm. The bot herder "seeds" the Internet with the virus/worm and waits for his crop to grow. The malware travels from machine to machine, creating an army of zombies. The zombies log on to a C2 server and wait for orders. A user often has no idea that his machine has been turned, although he might notice that his machine has suddenly become much slower, as he now shares the machine's resources with the bot herder.
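The following Python example is added here and is not from the original text: it flags external servers on which several internal hosts hold long-lived, nearly silent IRC connections, the network-side pattern of zombies that log on to a C2 server and wait for orders. The flow records, their field layout, the port set and all thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic). Assumed field layout:
# internal_src,external_dst,dst_port,duration_seconds,bytes_transferred
SAMPLE_FLOWS = """\
10.0.0.11,203.0.113.50,6667,86100,5200
10.0.0.12,203.0.113.50,6667,79200,4100
10.0.0.13,203.0.113.50,6667,90500,6900
10.0.0.14,198.51.100.7,443,42,183000
10.0.0.11,198.51.100.7,443,15,96000
10.0.0.15,192.0.2.80,6667,1800,950000
"""

IRC_PORTS = {6667, 6697}   # assumption: commonly used IRC ports
MIN_DURATION = 3600        # assumption: "waiting for orders" = open for an hour or more
MAX_BYTES_PER_SEC = 10     # assumption: an idle channel carries almost no traffic
MIN_HOSTS = 3              # assumption: several internal hosts share one server

def parse_flows(text):
    """Parse comma-separated flow records into typed tuples."""
    flows = []
    for line in text.strip().splitlines():
        src, dst, port, dur, nbytes = line.split(",")
        flows.append((src, dst, int(port), int(dur), int(nbytes)))
    return flows

def is_idle_irc_session(port, duration, nbytes):
    """True for a long-lived, near-silent connection to an IRC port."""
    return (port in IRC_PORTS and duration >= MIN_DURATION
            and nbytes / duration <= MAX_BYTES_PER_SEC)

def suspected_c2_servers(flows):
    """Map each external server to the internal hosts idling on it."""
    waiting = defaultdict(set)
    for src, dst, port, dur, nbytes in flows:
        if is_idle_irc_session(port, dur, nbytes):
            waiting[dst].add(src)
    # A single idle IRC user is normal; many hosts on one server is not.
    return {dst: sorted(hosts) for dst, hosts in waiting.items()
            if len(hosts) >= MIN_HOSTS}

if __name__ == "__main__":
    for server, hosts in suspected_c2_servers(parse_flows(SAMPLE_FLOWS)).items():
        print(f"{server}: {len(hosts)} hosts idling on IRC -> {hosts}")
```

A web-based C2 server would not match this port filter; it only covers the IRC case the text mentions.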

Once a botnet has been established, it can be leased out to send spam, to enable phishing scams geared toward identity theft, to execute click fraud, and to perform distributed denial of service (DDoS) attacks. The person renting the botnet can use the threat of DDoS for the purpose of extortion. The danger posed by this has proved serious. According to Vint Cerf, a founding
