ExtensionsEarly History of Botnets
Last Updated on Sunday, 28 February 2010 13:05 Written by Administrator Sunday, 28 February 2010 00:00
It all began in the long long ago on EFNet the defacto public IRC (Internet Relay Chat) Network. For reasons as simple as channel dominance and nickname theft/impersonation the roots of what we now consider a botnet took hold on the internet.
Quickly clients became scriptable, which let those who were more savvy get away with what they wanted. Because of certain vulnerabilities in the infrastructure, DoS attacks on servers were common. This would cause a 'split' condition where different nodes maintained their own user lists. Each server would then crown its own operator and when the servers merged back together all hell would break loose. Scripts would fire off this way and that, sometimes booting all the users in the channel leaving it in rogue hands without an operator at all. People would then try to split the network again just to reestablish their operator status. Needless to say it was a real mess.
Soon enough, instead of depending on scripted clients (and actually needing to be present) a handful of what were scripts started morphing into what we would call bots. Bots were already rather prevalent on IRC, they often provide tasks in channels, store information about regulars, topic links, etc... Soon enough, people figured out that if you kept a bot with operator status on each IRC server when they split everything was kosher. The bots could themselves dominate the channel. If they were able to talk to each other, they could perform all the necessary actions (and only the necessary actions) instead of some horrific chain of recursive scripts going off by 20 users at a time. A channel may have 10 bots that work together (maybe in a larger network of 100 bots).
Eventually, the DoS turned to DDoS when people figured out that their botnets were in many ways the perfect internet weapon. The story of botnets is long and winding, but that's how it went 'in the beginning.'