Talk:Botnet/Archive 1

External Link Expired
http://swatit.org/bots/gallery.html has outdated Certificates, and an invalid contact address for their "free" download. Considering the subject, possibly this should be removed.

198.53.106.189 19:40, 11 January 2007 (UTC)

this is not the best definition of botnet
You can log IRC bots onto multiple servers and have them /msg each other to coordinate cross-server functionality.. that's also a botnet. They can get pretty complex- you can span hundreds of servers in a massive network of bots -- ffroth 21:06, 6 December 2007 (UTC)
 * Actually it's a good definition of a botnet, but you're right, it is not the only meaning of botnet. botnet (made of eggdrops for example) is known by IRCers, I guess that makes less people than the large public that hears about the zombie stuff. Anyway, as newest (zombie) botnets don't use IRC anymore, I suppose this article will need a rewriting. -- skiidoo (talk) 01:19, 7 December 2007 (UTC)

Bot herder?
Where does this term "bot herder" come from? I have never heard it in the professional IT space nor in the groups who actually set up botnets. Everyone I've ever known calls them "botnet controllers". The term "botnet herder" isn't even referenced in any of the supporting sources. 131.128.96.48 19:31, 10 August 2007 (UTC)

The bot herder is the *person* running the botnet, not the botnet controller. I've heard the term. Lippard 02:54, 28 September 2007 (UTC)

The botnet herder is the botnet controller. Herding is the act of bringing animals together in a group, maintaining and moving the group from place to place hence the name botnet herder. Herder, Controller, different words same meaning (in this context). Freeky nerd (talk) 15:26, 8 September 2008 (UTC)

Merge
the article Dosnet into this one... 83.76.1.233 (talk) 22:42, 24 July 2008 (UTC)

I agree the articles should be merged. Freeky nerd (talk) 15:28, 8 September 2008 (UTC)

Rogue botnets run on Microsoft OSes
The average person reading this article will not realize that, while most non-rogue irc networks run on non-Microsoft OSes, most rogue botnets run on compromised machines running Microsoft OSes. The popular press generally does not make this type of thing clear to readers. Hence many lay persons incorrectly believe that it is the nature of all computer systems, not just primarily those running Microsoft OSes, to crash frequently and to be prone to viruses.

Without abandoning a neutral point of view, the botnet article should make it clear to the reader that rogue botnets exist almost exclusively on Microsoft OSes.

Rahul


 * What you say is true, but it doesn't necessarily have any significance. If 95% of home PCs run Windows, that's bound to be the natural target of criminal botnets as home PCs are the least defended computers in the world. If 95% ran Mac OS, you'd see a shift to Mac OS-based botnets. The same would be true of Linux or any other OS. —The preceding unsigned comment was added by 212.146.47.250 (talk) 20:54, 2 May 2007 (UTC).


 * this reasoning is blatantly fallacious. Microsoft Windows is uniquely vulnerable due to the inherent architecture or lack thereof, allowing rogue code to execute at the highest privilege level by default (until Vista), Unix based OS'es specifically disallow this by default. The plethora of buffer overflow vulnerabilities is also directly caused by Microsoft compiler architecture.  Rahul's comment is valid, article is misleading in not mentioning this.


 * - DavidTangye (talk) 00:56, 8 February 2008 (UTC) I agree completely. It is a massive global problem with computers, that most people have no idea about software internals, and so fail to understand that viruses on Windows are NOT caused by its market dominance, but by technical architectural issues within the product. This article in Wikipedia, and several related articles, all fail totally to mention this, and thus, are by omission, allowing an incorrect belief to propagate. If Wikipedia wants to be truly neutral, and let truth be known, get more technically savvy people as editor/censors. At the very least don't let people who have little understanding of a subject delete information about it. As it is, by deleting the info I put in (twice now), you appear to be apologists of Microsoft. You do not appear to be neutral at all. Before you delete any new information, you should satisfy yourself that the new information is incorrect. Else you are just supporting whatever the status-quo is, whether it is correct or not. You need to rethink and change your entire way of thinking over the issue of update reversion.
 * It blatantly is MS's market dominance that means so many attacks are made against it. Any technical shortcomings in Windows just make it easier. There are OSs around with security holes that could easily be exploited but aren't simply because they have hardly any users. If all currently known botnets are Windows only then that's worth mentioning (I'm not changing it because I don't know), but it shouldn't give the impression that users of any other OS will be safe for ever. I'm certainly not a Microsoft apologist, but there's valid criticism and then there's some that's verging on FUD. -Riedquat (talk) 14:08, 16 March 2008 (UTC)
 * Market dominance it is. Even Steve Jobs has his head up his ass about this. In response to the Apple vs PC commercials, there was a page that revealed 1 Apple vulnerability per day. Here is a blog entry as well. Blogs are not sufficient sources, but the blog provides its own sources that you can follow on your own. It doesn't take a math genius to know that statistically it would be harder for a worm to find an Apple on the Internet than a PC, being so much more rare. 69.119.13.218 (talk) 17:09, 11 June 2008 (UTC)
 * On this talk page, it is not relevant whether the reason is the MS OS's architectural weaknesses or its market dominance (or both). The fact is that there is no citation supporting the statement and it therefore does not belong in the article until a reliable source is found. I should delete it myself but since someone has already added it twice now, and I don't want to start an edit war, I will not. However, WP:Verifiability states that the burden of evidence lies with the editor who added the information, not the editor who believes the information is incorrect. Hence, until a citation is provided, I request the editor who posted it remove it themselves. Phlyght (talk) 17:57, 15 September 2008 (UTC)

Prevention
Maybe it should be noted that since the primary purpose of malicious botnets appears to be the sending of spam, the best way to neutralize botnets is to educate people on how to prevent spam, which is not hard to do on an individual basis (e.g.: you can virtually completely eliminate it using Outlook Express rules plus your own domain name), as well as improving the extremely poor spam-identification algorithms currently used by ISPs. —Preceding unsigned comment added by 71.154.253.96 (talk) 15:33, 30 September 2009 (UTC)

Tone Issue
The 3rd paragraph ends with the sentence: "Exploitation of this method of using a bot to host other bots has proliferated only recently, as most script kiddies do not have the knowledge to take advantage of it." This needs to be rewritten to reference the term Script Kiddies differently. The way it appears here, it has a condescending tone that one might use when speaking informally to another person about a particular topic. I understand the term is part of the hacker culture, and intended to sound that way, but I am not sure if it fits on Wikipedia. It sounds like an offhand comment. Does anyone else agree? --Johnsm2 (talk) 22:51, 30 January 2008 (UTC)

Struck me as seeming to be a bit too much opinion and not fact. --97.65.201.94 (talk) 22:46, 20 January 2010 (UTC)

Possible cleanup in "Lifecycle section"
This article probably needs cleanup in the Lifecycle section. I doubt that a bulleted list will suffice for an encyclopedia entry. Any ideas? --Bsdlogical 00:43, 22 September 2006 (UTC)


 * The same goes for the Purpose section. I think it needs an overhaul. --Bsdlogical 00:49, 22 September 2006 (UTC)


 * I agree with you seeing as nothing has happened with it for 4 years and the list really isn't even accurate I'm removing the whole section 98.204.204.199 (talk) 00:09, 8 January 2011 (UTC)

Time to add TDL4 ?
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot Paulbeeb (talk) 03:22, 1 July 2011 (UTC)

Article only touches the surface
This is a poorly written article and needs to be updated; that seems to be the general tune of those who have commented. I agree, this article only touches the surface of what botnets are. It focuses almost completely on IRC botnets (which are "starting to become dated in their use as command and control servers"). I say that in quotations because I'm not sure if this is a view that I share, though I do somewhat agree that different methods are now becoming more popular. The article doesn't make much mention of HTTP botnets/p2p topologies, and at times is unclear on the very definition of what a botnet is, again mainly focusing on IRC botnets.

I've been rambling a little bit but I believe that there needs to be more focus on other methods of command and control and uses of botnets besides IRC and spam. — Preceding unsigned comment added by 222.155.143.16 (talk) 11:57, 24 August 2011 (UTC)

The picture is retarded
Anybody else think the picture is really dumb and should be removed? Oddity- 03:42, 23 April 2007 (UTC)

Why would you use a term like 'retarded' to describe something you don't like? It's highly insensitive to do so - like people using the word 'gay' for something they consider useless. Personally, I think the picture is a little immature, but it does help to explain the concept of a Botnet to a non-technical person, so believe it should stay.


 * DavidTangye (talk) 01:12, 8 February 2008 (UTC) To the above comment. What is your problem?


 * - If it's highly insensitive, get over it. Highly insensitive to what? This is public property. He is describing a picture, not the original contributor of the picture, whoever that might be. You seem to assume he is having a go at the original contributor.
 * - 'Retarded' is a common term used by mainly young people around here, including one of my daughters, who is well spoken generally, and not immature for her age. I think it's a funny term to use actually, so lighten up.
 * - In other parts of the world, it might be taken differently. So do you suggest we all go back to a common language and idiom-set, eg King's English 1850, so we don't risk offending anyone. You are wasting your time here. Go be a diplomat. They spend whole careers having meetings to try to not offend anyone. Nothing gets done, but everyone has a good time talking, while the wars go on, and the planet burns. But that's OK, because no-one 'of consequence' is offended.

Oh, and now to the issue. To Oddity: I think that the diagram is reasonably good. But the real point is, if you don't like something, DO better. Put up an alternative picture. Stop removing stuff, unless you put up something in its place that addresses whatever is "behind" you have removed.
 * First of all, guys, if you have an issue with his comment, put it on his discussion page, not here, this is about the article. I came here to see what discussion is already in place about the picture. I also think it's silly, but effective. My only problem is that it explicitly implies that all spambots run Windows. This can be in violation of Wikipedia's NPOV policies, and also must be sourced. Just because it's not text, doesn't mean such a thing can go without a source. I'll be thinking of alternatives here. 69.119.13.218 (talk) 16:59, 11 June 2008 (UTC)

Yep the picture is definitely retarded, in fact I find it more confusing than helpful. An illustration is supposed to help people easily understand a process. The standard end-user with no real knowledge of the process would not appreciate the pic. Freeky nerd (talk) 15:18, 8 September 2008 (UTC)

OK I just made a new picture, hope it's less retarded :-) Tom-b (talk) 03:39, 26 January 2010 (UTC)

Not sure if I'm seeing the new picture or not .. but what's there is still (obviously?) unfit for an "encyclopedia" .. On the use of the word "retarded" .. this is the discussion page, so it's to be expected, but it *is* offensive to the many people who know/love people who are mentally retarded. Better word choice would help whoever started this section achieve their goal of removing the picture. —Preceding unsigned comment added by 70.225.168.239 (talk) 05:35, 10 January 2011 (UTC)

Though the picture isn't in the general spirit of an encyclopedia, it is tasteful, well drawn, and clearly illustrates the idea. There are worse things to be given attention, in my opinion. — Preceding unsigned comment added by Katovatzschyn (talk • contribs) 23:27, 11 February 2011 (UTC)

Is the picture made by those Samurai Jack illustrators? :O 88.90.95.107 (talk) 16:41, 30 August 2011 (UTC)

This picture is great. Haters gonna hate.

A new botnet should be added to http://en.wikipedia.org/wiki/Talk:Botnet
Hi,

Sorry if I misunderstood the rules here. I just want to let you know that there is a new botnet that should be covered in the referred article. Please see www.atma.es (top, the yellow box).

M. Guntiñas — Preceding unsigned comment added by 77.27.19.26 (talk) 20:31, 12 February 2012 (UTC)

Incomprehensible sentence
"There is a false belief among some users, who think that infected keygens are flagged as malicious software by anti-virus programs for only the illegal aspect of the software."

What the heck does that sentence mean? GeneCallahan (talk) 20:50, 2 February 2012 (UTC)


 * It means just that. Key generators for software are often bot-infected, but many users ignore the warnings of their antivirus software because they *think* the warning merely comes because a key generator is illegal by default. 178.15.76.208 (talk) 09:05, 22 March 2012 (UTC)

Poorly written
This article needs some attention from someone who is a native speaker of English. There are many minor grammatical errors, and the tone sounds like this was pulled from a student's homework. I made some minor corrections myself; I hope this helps. 66.9.234.201 (talk) 20:20, 14 April 2011 (UTC)
 * The lead paragraph especially is very poorly written. I might fix it later, but for now I've tagged it. Feezo (send a signal | watch the sky) 22:49, 28 May 2011 (UTC)

I took a swing at some copy editing, but there are major content issues that an expert needs to deal with first. I got through the Organization section before throwing in the towel. I'm not confident enough in my skills to add a "reviewed tag." If anyone cleans up the content, I'll take another try at an edit. Dante brevity (talk) 01:36, 28 June 2012 (UTC)

Removal of copypaste tag
A couple weeks ago, this article was tagged as a potential copyvio of a DSL Reports page. I've removed the tag because of page histories: certain distinctive wording in our article was already present before the creation of the DSL Reports page at 6PM on 27 April 2009, so the other page is a copyvio of our article and not vice versa. Nyttend (talk) 00:58, 9 July 2012 (UTC)
 * I dived into that issue as well, but the result is somewhat debatable. The "Last modified" part may state "2009-04-27 18:00:36", but DSLreports uses a structure with revisions, similar to Wikipedia (see the page history). The debated text has been in the Wikipedia page since around 2005, yet the page stamps on the DSL page only go back as far as 2006. Revisions before that just exist, without any clear indication as to when they were posted. Effectively it is therefore impossible to determine what was created first. Seeing that Wikipedia contains a part of the text on DSL report, it would be more logical that someone copied that part to Wikipedia, but there is no way to be sure. Excirial ( Contact me, Contribs ) 08:21, 9 July 2012 (UTC)

Confusion of bots with IRC "bots"
Parts of the introduction and "preventative measures" section seem to confuse IRC bots with infected machines that are part of a botnet. IRC bots are programs that listen and talk on an IRC channel; for example, a quiz bot might pose questions, and then answer "correct"/"incorrect" based on answers given by people talking in that channel. Botnet "bots" are infected computers under remote control, generally by criminal organizations and often to send spam. This confusion may have arisen because some botnets are, in fact, controlled through the IRC chat infrastructure.

If I have time I'll come back and fix this.


 * --User:dcposch:dcposch


 * It's not really a confusion, since some early IRC bots were also used for denial of service flooding attacks, causing channel splits, etc., and arguably were part of the lineage of Agobot/Phatbot along with the DoS tools like Trinoo, TFN, Stacheldraht, etc. Lippard (talk) 16:48, 16 June 2011 (UTC)


 * Actually, the whole article is pretty bad. A botnet is a generic concept of connected bots. Early irc bots formed bot nets in the early 90s, see eggdrop, vladbot, incubot, energy mech etc for more information. I'll try to rewrite the article to be a bit more sane and less slanted towards bots being evil. Zokum (talk) —Preceding undated comment added 01:41, 6 February 2013 (UTC)

Missing from Article
There are some things missing from the article:
 * Evolution of botnets -- though many still use a central command and control, new P2P bots are coming up
 * Types/branches of bots, and most importantly,
 * A better treatment of mitigation strategies. I'm in touch with recent research on botnets; I'll edit this article in a week or so if I don't see any complaints --Railrulez 11:16, 22 July 2006 (UTC)

The botnet life cycle image is nice, but steps 4-5 as given are pretty unusual. Typically spammers ("sponsors") pay for access to bots, not to the botnet controller, and are supplied with proxies opened up on the individual bots. It is not usual for spammers to be given control of a botnet through the IRC control channel. Miscreant botherds often provide nice fancy web interfaces or special software that pulls down lists of available proxies to use for sending spam; e.g., send-safe.com. Lippard 19:54, 30 October 2005 (UTC)

There are legitimate uses for botnets, too. :-) --Cuervo 23:02, 3 Apr 2005 (UTC)


 * Expand, expound, elucidate, explain. --Baylink 01:34, 4 Apr 2005 (UTC)


 * Speaking within the context of IRC, I suppose the primary legitimate purpose for a botnet is redundancy. If a bot (or its server) becomes too lagged, or the machine it's running on becomes unstable, it's not going to do its channel maintenance duties very well. Having other bots around provides a bit of a failsafe, and linking them allows them to share userfiles, channel settings, etcetera. Even if it's not lagged, what if someone, by luck or malice, deops the bot first, in the first stages of a channel takeover? What if there's more than one rogue chanop?


 * Eggdrops also have built-in encryption capabilities (Blowfish has been a part of Eggdrop since the 1.0 series, but it's possible to write one's own modules) and a "party line" accessible to properly authenticated users over DCC CHAT or telnet, which, combined, basically gives people running Eggdrops the option for encrypted communications (there is a module called "wire" for just this purpose), though it should be noted there is currently no functionality in the mainstream Eggdrop source for encrypted connections to the bot itself. There's also built-in note functionality, which allows you to leave notes for users on other bots, even those you may not have access to.


 * This is just the built-in stuff. With the Tcl hooks, you can write a script to do pretty much anything you want across the botnet. Here's a good example: say you have two bots running, opped, in a channel. One gets banned. The banned bot can request the other unban it across the botnet.


 * I myself run a small botnet for one of the channels I run on EFNet, and it doesn't do anything evil; most of the time, it just sits there. Sometimes the cool kids show up on the party line.


 * My arguments here are a bit disorganized, I'll clean them up after coffee. :-) I suppose what my opinion comes down to that there are botnets created by worms and crackers, and botnets created by users with no ill intent, and I believe that there should be a distinction between the two.


 * --Cuervo 19:11, 4 Apr 2005 (UTC)


 * I've tried to make the article a bit more generic. I also think the list of big botnets should be moved into a separate article, possibly a separate article focusing on hostile botnets. As the article is now, it's a mess. Zokum (talk) 02:06, 6 February 2013 (UTC)

It seems that the introductory paragraph is too short. Many people read only the introduction and skip the more technical details following it. The introduction should say something about what purposes botnets serve, both good and bad. What are they used for? — Preceding unsigned comment added by TimMagic (talk • contribs) 02:23, 2 February 2012 (UTC)

Listing Zeus as a "Botnet"
I see that Zeus is listed on the "Historical list of botnets" on this page as a botnet containing 3.6 million computers. It should be noted that Zeus was malware-for-sale--users could buy binary files from the creator with their own command-and-control domains specified for 3000-ish US dollars and use them for their own purposes, and then spread the files themselves. Zeus was not run by any one specific botmaster, like the major spambot networks are. While 3.6 million computers may have been infected with Zeus malware, Zeus itself was not really a "botnet" of 3.6 mil since most of those zombies reported to completely separate masters. Given that information I'd dispute the inclusion of Zeus under "historic botnets" on this page. 99.99.166.46 (talk) 06:17, 9 April 2011 (UTC)

It should be noted that this is also the case for Bredolab (Sold as BManager), Mariposa (Sold as Butterfly bot) and Donbot (Probably also some more) 217.94.56.208 (talk) 17:21, 22 September 2013 (UTC)

Semi-protected edit request on 2 September 2015
223.204.249.219 (talk) 15:35, 2 September 2015 (UTC)
 * Not done: as you have not requested a change. If you want to suggest a change, please request this in the form "Please replace XXX with YYY" or "Please add ZZZ between PPP and QQQ". Please also cite reliable sources to back up your request, without which no information should be added to, or changed in, any article. - Arjayay (talk) 15:59, 2 September 2015 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to one external link on Botnet. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive https://web.archive.org/20100611140112/http://www.damballa.com:80/research/aurora/ to http://www.damballa.com/research/aurora/

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

Cheers.—cyberbot II  Talk to my owner :Online 11:52, 7 January 2016 (UTC)

External links modified
Hello fellow Wikipedians,

I have just added archive links to 2 external links on Botnet. Please take a moment to review my edit. If necessary, add after the link to keep me from modifying it. Alternatively, you can add to keep me off the page altogether. I made the following changes:
 * Added archive http://web.archive.org/web/20160107115223/http://losangeles.fbi.gov/dojpressrel/pressrel08/la041608usa.htm to http://losangeles.fbi.gov/dojpressrel/pressrel08/la041608usa.htm
 * Added archive http://web.archive.org/web/20140503004707/http://wiki.milcord.com/wiki/Botnet_Defense to http://wiki.milcord.com/wiki/Botnet_Defense

When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at ).

Cheers.—cyberbot II  Talk to my owner :Online 14:03, 28 February 2016 (UTC)

List of improvements
Here's a basic list of improvements to the article.

Improvements list:

It's not clear with the "definition" of a botnet. (very vague wording on the subject.)

needs links to example source code of a botnet. (links of the bot and the C&C or P2P control systems needed.)

Links to Spambot and DDoS attacks needed for references. (most botnets are in this category or in the click fraud or fraud category.)

This is just a quick list of improvements.

FockeWulf FW 190 (talk) 19:24, 8 March 2016 (UTC)

Additional historical botnets
-- Beland (talk) 23:06, 24 March 2016 (UTC)
 * AAEH, a.k.a. Beebone
 * Simda
 * Dorkbot

Merge in Command and control (malware)
Command and control (malware) is already pretty much a duplicate, however the two ideas are pretty inseparable. Deku-shrub (talk) 20:19, 8 June 2017 (UTC)

External links modified
Hello fellow Wikipedians,

I have just modified 2 external links on Botnet. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
 * Added archive https://web.archive.org/web/20100816044216/http://msmvps.com/blogs/harrywaldron/archive/2010/02/02/pushdo-botnet-new-ddos-attacks-on-major-web-sites.aspx to http://msmvps.com/blogs/harrywaldron/archive/2010/02/02/pushdo-botnet-new-ddos-attacks-on-major-web-sites.aspx
 * Added archive https://web.archive.org/web/20110511115226/http://www2.canada.com/topics/technology/story.html?id=3333655 to http://www2.canada.com/topics/technology/story.html?id=3333655

When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.

Cheers.— InternetArchiveBot  (Report bug) 23:21, 23 July 2017 (UTC)

Added Section
I have added a section over phishing and how botnets are used during phishing. Adammccartney1026 (talk) 18:54, 24 March 2019 (UTC)