Wow… You have won a Gift Voucher
My wife recently recieved this message
‘You have won a gift voucher of 1000 AED from XYZ Hypermarket. Click on the link given below to claim the price’
It’s very tempting to recieve something for free. It may be fake, but nothing to lose. I am smart, I will not give my account number or phone number or send in any money to claim the price.. just see whether there is a gift voucher or not — This is the attitude of most people. Trust me, if you have clicked that link, it is likely that you have joined the BOTNET, similar to the fate of people who click on the greeting card which says ‘press the swtich to see a surprise’ or ‘Click to see how you will look in 2035’
Botnet means roBOTic NETwork. It is a network of poor and innocent mobile phone or computer users. People unknowingly join the BOTNET by clicking a link or pop-up message. There is a master controller who controls all the BOTs for illegal activities such as Distributed Denial of Service Attack (DDoS) or Ransomware.
So what is Denial Of Service (DOS)?
My friend Manu started a restaurant and is doing very well. His competitor Mathew is now envious and wants to harm his business. He now hires a few people who will crowd the entrance of the restaurant so that genuine customers cannot enter. This is physical denial of service.
Manu had some losses as he lost customers. But then he started accepting orders using e-mails and providing take-away services. But Mathew is still envious. He start sending thousands of emails to Manu’s email ID so that his inbox is flooded and geniune orders are lost. This is DOS attack to an email ID.
Manu now switched from email and using a secure platform for collecting orders.
Mathew can’t tolerate this. He makes a small program and embeds it in a message stating ‘Manu is giving free lunch coupons. Click to claim your price. Forward this to your friends’
As per statisctics 50% people will click or random links and 30% people will forward this to others. Within a few hours tens of thousands of people will be members of Mathews Robotic Network or BOTNET or slaves of Mathew. Now he can decide the next move. In one command, he can attack any computer, not just Manu’s. Targetted attack on one or more computers from a distributed BOTNET is called DDOS or Distributed Denial of Service
One simple DDoS attack is a Ping of Death. All BOTNET members will send orchestrated Ping message to the target which in turn result in the death of the target. BSOD or Blue Screen of Death is another DDoS attack. The recent Wannacry was a DDoS based Ransomware, where the attacker demands money to reinstate the Computer.
It is very likely that most of us are part of one or more BOTNETs and helping Cybercriminals to work behind us.
In summary, DDoS means Distributed denial of service attacks using a network of compromised devices called BOTNET. They are created while clicking spurious links and pop-ups. Once installed, it can do actions likw switching the camera on, dial calls, send emails and remove all evidences when done. Since it is not a virus, it cannot be detected using anti-virus programs.
Three tips from me to avoid DDoS and BOTNETs.
- Never click on random links and pop-up messages even if they are from your friends
- Keep your phones and computers updated to the latest firmware
- Use Internet security and Anti-Malware protection programs.
