doc09.txt

In ancient times (say, before 2000), bored (but clever) teenagers would some-
times fill their idle hours by writing malicious software that they would then re-
lease into the world for the heck of it. This software, which included Trojan horses,
viruses, and worms and collectively called malware, often quickly spread around
the world. As reports were published about how many millions of dollars of dam-
age the malware caused and how many people lost their valuable data as a result,
the authors would be very impressed with their programming skills. To them it
was just a fun prank; they were not making any money off it, after all.
Those days are gone. Malware is now written on demand by well-organized
criminals who prefer not to see their work publicized in the newspapers. They are
in it entirely for the money. A large fraction of all malware is now designed to
spread over the Internet and infect victim machines in an extremely stealthy man-
ner. When a machine is infected, software is installed that reports the address of the
captured machine back to certain machines. A backdoor is also installed on the
machine that allows the criminals who sent out the malware to easily command the
machine to do what it is instructed to do. A machine taken over in this fashion is
called a zombie, and a collection of them is called a botnet, a contraction of 
'robot network'.
A criminal who controls a botnet can rent it out for various nefarious (and al-
ways commercial) purposes. A common one is for sending out commercial spam.
If a major spam attack occurs and the police try to track down the origin, all they
see is that it is coming from thousands of machines all over the world. If they ap-
proach some of the owners of these machines, they will discover kids, small busi-
ness owners, housewives, grandmothers, and many other people, all of whom vig-
orously deny that they are mass spammers. Using other people's machines to do
the dirty work makes it hard to track down the criminals behind the operation.