ARCHIVED: What are spambots and IRC bots, and why are they dangerous?

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.

Spambots

The term "spambot" usually refers to one of the following three things:

  • A robot or spider that combs web sites for email addresses. This is currently the most common usage for the term.
  • A bot contained inside a Trojan that compromises a computer and turns it into a spam distribution node, otherwise known as a "zombie". This is slowly becoming the most common usage for this term, due to Trojans like Trojan.Anymail.
  • A program designed to shield an ISP's users from spam. This is rare usage for the term "spambot"; most people call these programs "blockers" or "filters" instead.

Of the three definitions above, the first two are associated with dangerous situations:

  • A spambot that visits web sites for links can overwhelm a web server, since the author normally writes the bot to hit sites quickly and thoroughly; the bots tend not to be "polite" in that they don't pause and give the server much time between successive link requests. In the end, all the server's resources might be diverted to the robot; in some cases, the server can crash.

    On top of that, any email addresses on the web sites are harvested and used by the spammer.

  • A spambot that zombies a computer can expose the legitimate owner to termination of his or her ISP account. Worse yet, it can expose the owner to criminal investigation for fraudulent or illegal items (especially if the spam is overtly offensive, like an ad for child pornography). Plus, the presence of the spambot clearly indicates a vulnerable system, so the computer is now a higher profile target for other malicious compromises, like those that install keystroke loggers or password sniffers. Another common term used to identify these types of programs is "spam cannon".

IRC bots

The term "IRC bot" usually refers to one of the following two things:

  • A program that stays logged into an IRC channel waiting to perform a given task, like list channel options for incoming users, log events, or host trivia games. These types of IRC bots are perfectly harmless, and are in fact necessary for some tasks.
  • A program installed by a backdoor or Trojan Horse infection that uses IRC channels to commit malicious activities, like denial of service attacks or spamming

Of the two types of IRC bot, only the second one defined above is dangerous. If you are infected by one, the possible consequences are the same as for a spambot, i.e., termination of your ISP account, exposure to criminal investigation, and further attacks by malicious infections.

This is document aose in the Knowledge Base.
Last modified on 2018-01-18 13:49:48.