Installing Malware and Potentially Unwanted Software
Bot-herders often use their botnets to download additional malware to victims' computers to reap additional profits. Early botnets often focused on installing adware, spyware, and other potentially unwanted software in an effort to earn quick profits. In a typical incident in 2005, a bot-herder in California used the bot family Win32/Rbot to install adware on more than 20,000 computers as part of a pay-per-click advertising scheme that brought in more than U.S. $50,000, according to the U.S. Department of Justice.
Malware installed by botnets often works silently to avoid tipping off the victim that the computer is infected, but not always. Some botnets, including Win32/Waledac, have been observed to download rogue security software—programs that masquerade as legitimate antimalware products, displaying false alerts about nonexistent infections on the victim's computer and offering to remove them if the victim pays for the "full version." Botnets have also been observed downloading packet sniffers and additional downloaders. Some botnets are even instructed to download and install other bots. Variants of Win32/Hamweq have been observed to download Win32/Rimecud, a botnet family with more sophisticated backdoor features.
Win32/FakeSpypro, a rogue security software family downloaded by Win32/Waledac