Botnet pointer

Gadi Evron ge at linuxbox.org
Mon Dec 20 22:21:40 UTC 2004


> "bot": derivative of "robot". An application on an infected computer 
> used for orchestrated attacks or for distributed generation of spam, 
> often distributed in or with viruses or other malware. Similar to 
> "zombie", which is an older usage specific to distributed denial of 
> service attacks.

I believe calling them "bots", although correct, is a mistake. "drones" 
or "zombies" or whatever "shark" ( *wink* :) ) you like would probably 
work. How else are we going to be able to tell the difference from real 
bots? I.e. those bots that people run legitimately, meaning not by the 
AUP of the service the bots run on but rather by the approval of the 
machine administrator/operator.

This is not to say these bots must be non-abusive, but to distinguish 
them from the.. erm.. drones! :)

> "botnet": a set of bots that may be controlled as a single service, and 
> which may be leased or sold to a user as a unit.

I believe that a "distributed (centrally controlled) network of <insert 
word>" would serve us best. Under "normal"/root conditions, you can make 
a program do whatever you want for it to do, on a Windows machine. So 
what it serves for is irrelevant if we want to be abstract.

	Gadi.



More information about the NANOG mailing list