In our previous post, we defined bots and botnets as “any software that automatically perform(s) a specific action or actions.” While this might not seem too dangerous at first, some bots can have very sophisticated programming! Put more simply, a bot is only limited by the imagination of the programmer and his capabilities. And “black hat” programmers can be quite tricky. This is one of the things that make them so effective: depending on their code and purpose they can perform a wide variety of actions. Bots are effectively a form of application that automate a specific task in accordance with their programming. It may come as a surprise, but we use bots of all varieties in our day-to-day digital activities. In fact, you probably used one today by simply searching the internet. The internet wouldn’t be what it is today without your friendly neighborhood bot. But like most forms of code, when a bot is turned to the dark side it becomes malware and harms instead of helps. A malicious bot can have any purpose, but common forms include:
- Those that spam emails via captured addresses from websites or unsecure logins.
- Those that limit bandwidth by downloading things to your computer.
- Those that contain a dangerous payload(s) such as a worm, virus, or other similar program.
- Those that use your computer to perform a DDoS attack in an attempt to overload a website.
- Those that create a network of connected machines to perform some specific task or tasks (e.g., a “botnet”).
- Those turned to a commercial, legally grey areas such as “gold farming” or purchasing limited commodities in short order to be resold later (very common when “scalping” tickets for concerts or events!).
Because a bot is merely a task that is automated, it might be programed to do just about anything. For example, a new trend within social media is to “buy” views via an automated bot that spams a website to increase viewer count at rapid rates. Since money can be involved vis-a-vis ad revenue services this is gaming the system! Imagine if you were playing a slot machine and could trick the machine into thinking you put money into it when you hadn’t, while still reaping the rewards of any win. The same principle applies here. More recently, bots have been used to spam inflammatory remarks when a certain word, phrase, or social media hashtag is used.
Like most malware, the best defense against bots is to be security-minded. Be careful of what links you clink. Be careful of what you download. If possible, use two-step authentication methods with your online accounts or set-up your account so you get alerts when you’re signed in. Keeping a strong and secure firewall is necessary, as is up to date security software.
Note, while “Captcha” and similar programs are touted as being secure against web-crawlers and other bots. They are very easy to fool by using OCR (optical character recognition) and similar software. Finally, like with all things digital security related: using good judgement common sense can help you avoid many of the pitfalls.