All about bots

[CyberAbc 290]

Bot:Short for robot, a computer program that runs automatically.

 

Internet bots, also known as web robots, WWW robots or simply bots, are software applications that run automated tasks over the Internet. Typically, bots perform tasks that are both simple and structurally repetitive, at a much higher rate than would be possible for a human alone. The largest use of bots is in web spidering, in which an automated script fetches, analyzes and files information from web servers at many times the speed of a human. Each server can have a file called robots.txt, containing rules for the spidering of that server that the bot is supposed to obey.

In addition to their uses outlined above, bots may also be implemented where a response speed faster than that of humans is required (e.g., gaming bots and auction-site robots) or less commonly in situations where the emulation of human activity is required, for example chat bots. Recently bots have been used for search advertising, such as Google Adsense.

 

Commercial purposes

 

Chatterbots are used in automated online assistants by organizations as a way of interacting with consumers and users of services. This can avail for enterprises to reduce their operating and training cost. A major underlying technology to such systems is natural language processing.

There has been a great deal of controversy about the use of bots in an automated trading function. Auction website eBay has been to court in an attempt to suppress a third-party company from using bots to traverse their site looking for bargains; this approach backfired on eBay and attracted the attention of further bots.

 

Charitable purposes

 

Bots have also been known to fast-track the purposes of charities, one of which is FreeRice.

 

On FreeRice

 

Since FreeRice became well-known through Digg.com and other news sources, many programming-adept users created scripts to automatically play the game for them. The scripts operate far faster than humans alone and run for 24 hours a day. At first, the scripts got only ≈1/4 of the words correct by random chance. Eventually, these bots were adapted with automated online dictionary search, dictionary files, and word database dumps so the programs can choose the correct answers the first time more often. The word database dumps were created so when the incorrect answer was chosen, the bots would record the correct answer the next page would show. Thus, the bot would choose the correct answer whenever it happened upon the same words later. Due to the growing number of scripts used on FreeRice, the number of rice donated has remarkably risen. Currently there are no rules governing "ricebots", as they are called. Until those rules are formed, anyone is free to program and use the scripts. With a delay of about 3 seconds between iterations, it is estimated that a script can feed about 8 people per day, if running 24/7. The idea was taken even further to create a multi-threaded bot which can run fifty or more browser instances at a time, enough to liberate as much as 600,000 grains of rice per hour or to feed 720 people per day. One script with 1,000 threads was able to donate over 3,000,000 grains in just a few hours.

Donated rice comes from the advertisements from sponsors, therefore abuse of scripts will likely lead to catastrophe, as advertisers prefer that actual people view their advertisements. Knowing the existence of the bots, FreeRice updated their FAQ explaining the potential damage of botting. Some bots have made changes to make sure they won't spoil the FreeRice spirit.

 

Malicious purposes

 

Another, more malicious use of bots is the coordination and operation of an automated attack on networked computers, such as a denial-of-service attack by a botnet. Internet bots can also be used to commit click fraud and more recently have seen usage around MMORPG games as computer game bots. A spambot is an internet bot that attempts to spam large amounts of content on the Internet, usually adding advertising links.

• There are malicious bots (and botnets) of the following types:
  

1. Spambots that harvest email addresses from internet forums, contact forms or guestbook pages
   
2. Downloader programs that suck bandwidth by downloading entire web sites
   
3. Web site scrapers that grab the content of web sites and re-use it without permission on automatically generated doorway pages
   
4. Viruses and worms
   
5. DDoS attacks
   
6. Botnets / zombie computers; etc.
   
7. File-name modifiers on peer-to-peer file-sharing networks. These change the names of files (often containing malware) to match user search queries.
   
8. Automating the entry of internet sweepstakes or instant win games to get an advantage
   
9. Automating tasks on promotional web sites to win prizes
   
10. Votebots which automatically cast votes for or againsts certain forms of user-contributed content such as videos on Youtube or reader comments on blog pages.
    

• Bots are also used to buy up good seats for concerts, particularly by ticket brokers who resell the tickets. Bots are employed against entertainment event-ticketing sites, like TicketMaster.com. The bots are used by ticket brokers to unfairly obtain the best seats for themselves while depriving the general public from also having a chance to obtain the good seats. The bot runs through the purchase process and obtains better seats by pulling as many seats back as it can.
  
• Bots are often used in massively multiplayer online role-playing games (MMORPG) to farm for resources that would otherwise take significant time or effort to obtain; this is a concern for most online in-game economies.
  

The most widely used anti-bot technique is the use of CAPTCHA, which is a type of Turing test used to distinguish between a human user and a less-sophisticated AI-powered bot, by the use of graphically encoded human-readable text.As such, players are often banned from their respective MMORPG for going outside the programming and "cheating" as bots are not typically allowed because they give an unfair advantage.

 

Bots in popular culture

• The 2006 Basshunter hit song "Boten Anna" is about a man who mistakes a female IRC user named Anna for an IRC bot.
  
• During the naming contest for a Hungarian bridge, Colbert Nation forum members developed a bot to stuff the ballot box. Stephen Colbert asked his viewers to cease their voting to name the bridge after him, and apologized to the Hungarians with a large segment on his show, The Colbert Report.
  

Zombie computer

 

 

A zombie computer is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.

 

(1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic

History

 

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses; as Trojans, they are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.

For similar reasons zombies are also used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites.

Zombies can be used to conduct distributed denial-of-service attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server are intended to result in crashing and the prevention of legitimate users from accessing the site. A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites, done with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.

Notable incidents of distributed denial- and degradation-of-service attacks in past include the attack upon the SPEWS service in 2003, and the one against Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by a Canadian teenager. An attack on grc.com is discussed at length, and the perpetrator, a 13-year old probably from Kenosha, Wisconsin, was identified on the Gibson Research Web site. Steve Gibson disassembled a 'bot' which was a zombie used in the attack, and traced it to its distributor. In his account about his research, he describes the operation of a 'bot'-controlling IRC channel.

Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 in the wild release of the Sexy Space text message worm, the world's first botnet capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, Charlie Miller revealed a proof of concept text message worm for the iPhone at Black Hat. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. At the present time, the security community is divided as to the real world potential of mobile botnets. But in an August 2009 interview with The New York Times, cybersecurity consultant Michael Gregg summarized the issue this way: "We are about at the point with phones that we were with desktops in the ’80s.”

[Vinceserious 502]

Nice work