Hacked computer networks, or botnets, are becoming increasingly difficult to trace as hackers develop new means to hide them, says security experts.
Botnets are used to send spam, propagate viruses and carry out denial of service attacks - something that has again come to light with a high-profile attack on The Million Dollar Home Page, a novel advertising website idea by a British college student.
The owner of the site, 21-year-old Alex Tew, has received threatening e-mails demanding ransom in exchange for a halt to the DDoS assault.
Extortion schemes are frequently backed by the muscle of botnets, and hackers are also renting the use of armadas of computers for illegal purposes through advertisements on the Web, said Kevin Hogan, senior manager for Symantec Security Response.
Almost all botnets use IRC servers because of the common commands, Hogan said. The first legitimate bot, called Eggdrop, was written in 1993 by Robey Pointer and had a feature that allowed more control over IRC networks.
In 1999, a worm called PrettyPark emerged that made use of IRC to control other computers, Canavan wrote. Three or four years ago, it was easier to connect to botnets and estimate the size of one by noting the number of IP addresses on the network, he said.
As legislation emerged cracking down on spammers, those who ran botnets started pursuing more clandestine ways to continue their operations. Rather than deter hardcore spammers, it merely drove them further underground, said Mark Sunner, chief technical officer for MessageLabs.
Increasingly, botnet administrators have customised IRC commands, and many well-known commands that allowed for the remote querying of machines have been disabled, Hogan said. "We simply cannot see the extent of the botnet in most cases," he said.
Botnets have an ebb and flow similar to biological behaviour, Sunner said. Viruses on an infected computer may download new variants in an attempt to evade anti-virus sweeps.
Even more extreme is dueling malware. Over a year ago, two viruses - Netsky and Bagle - battled it out, uninstalling and replacing each other on users' computers.
Law enforcement authorities have become more adept at putting together task forces to track down botnet admins. They have countered by sticking to smaller groups of around 20,000 machines that are less likely to be detected as quickly, Sunner said.
In October 2005, Dutch police arrested three people believed to have controlled up to 100,000 computers for malicious purposes. "I think the bad guys have been making hay while the sun is shining but things are definitely starting to turn," Sunner warned.