A botnet is a network of compromised computers. The computers are infected with one or more trojan viruses that make outbound connections to Internet Relay Chat (IRC) servers. When the trojans arrive at the IRC servers, they are given commands to perform actions such as attacks and spam runs. Also, all modern trojans have keystroke loggers, so as soon as the bots connect to an IRC server, the trojan runner can pull financial information, passwords, and additional information from the victim's computer.
- The next time that computer is connected to the Internet, that trojan will start up an IRC client and connect to a server. Sometimes it is a real IRC server, but more often it is an IRC server which has been set up on a shell account and paid for with a stolen credit card. The trojan will also have been coded to make the bot join a certain channel once it has connected.
- The trojan may have been downloaded to the victim's computer by the following ways.
- Wrapped up in a file that looks innocent, usually a game crack or email attachment.
- The trojan virus may be named to make you think it is an anti-virus program.
- There was hidden code on a website that a person visited, which downloaded the virus to their machine.
- The major difference between a bot in a botnet, and your common eggdrop or IRC client script bot in a channel, is that the botnet variety have been created with a trojan and, almost always, without the knowledge of the person whose computer they are running from.
Removing Trojan Viruses
Some of these trojans can not be identified with anti-virus software. You may have to reformat your machine to destroy the trojan.