How Botnets Are Used

Installing Malware and Potentially Unwanted Software

Bot-herders often use their botnets to download additional malware to victims’ computers to reap additional profits. Early botnets often focused on installing adware, spyware, and other potentially unwanted software in an effort to earn quick profits. In a typical incident in 2005, a bot-herder in California used the bot family Win32/Rbot to install adware on more than 20,000 computers as part of a pay-per-click advertising scheme that brought in more than U.S. $50,000, according to the U.S. Department of Justice.

Malware installed by botnets often works silently to avoid tipping off the victim that the computer is infected, but not always. Some botnets, including Win32/Waledac, have been observed to download rogue security software—programs that masquerade as legitimate antimalware products, displaying false alerts about nonexistent infections on the victim’s computer and offering to remove them if the victim pays for the "full version.” Botnets have also been observed downloading packet sniffers and additional downloaders. Some botnets are even instructed to download and install other bots. Variants of Win32/Hamweq have been observed to download Win32/Rimecud, a botnet family with more sophisticated backdoor features.

Win32/FakeSpypro, a rogue security software family downloaded by Win32/Waledac


Top of page Top of Page

Featured Articles


United States Change All Microsoft Sites



Was the information in this article helpful?