I had to change my DNS provider last time, when zombie computers that were part of a huge BotNet attacked EveryDNS (the same organisation that runs the popular OpenDNS service). The news was slashdotted, and the attack was said to be around 1.2 Gbits per second in total and to have lasted a week. That figure is certainly huge, but we can't say whether that DDoS attack was running at full throttle or was merely a demonstration of firepower. There have been other high-profile BotNet attacks in the past, like the one on BlueSecurity half a year back, which essentially highlights how deep the rathole goes. BlueSecurity, a vendor of an anti-phishing and anti-spam solution called BlueFrog, has closed shop since then, and the BotNet herder is still at large.
BotNets are essentially loosely knit groups of computers infected with BotNet drones. These are modified IRC bots which, upon installation, join their owner's IRC channel and wait for commands. A typical medium-size BotNet can easily span up to several tens of thousands of computers connected to the Internet. Assuming a typical Indian internet connection of 2 Mbps, as given by MTNL/BSNL these days, that would give the BotNet a combined power of several Gbits per second. When the BotNet is not DDoSing someone, BotNet herders use their network for all kinds of purposes, like phishing, spamming, and stealing corporate data and other sensitive details.
Now the picture seems a little clearer to me. I remember seeing traces of IRC bots being downloaded by some way of exploiting modules in Apache running on a Debian woody server. Thankfully the drones could never execute (I think so?) since it was a PowerPC machine and the binaries were all Intel ones. The server was reinstalled for several other reasons, but to this day I can see failed attempts at BotNet drone installation in the webserver's logs.
I have been reading several articles/whitepapers on BotNets, and now the Internet seems such a dreaded place all of a sudden.