A BBC News technology programme has acquired a botnet from an online chatroom and used it to hijack almost 22,000 computers.
The BBC website said: "If this exercise had been done with criminal intent it would be breaking the law. But our purpose was to demonstrate botnet's collective power when in the hands of criminals."
Click, the BBC's technology show, ordered its PCs to send out spam to two specific test e-mail addresses set up by the programme, filling inboxes with thousands of junk messages within hours.
It then launched a Distributed Denial of Service (DDoS) attack on a backup site owned by security company Prevx - who had agreed for it to go ahead. Click ordered its slave PCs to bombard its target site with requests for access and it only took 60 machines to overload the site's bandwidth.
Jacques Erasmus from Prevx told the BBC: "Cyber criminals are getting into contact with websites and threatening them with DDoS attacks. The loss of trade is very substantial so a lot of these websites just pay-up to avoid it."
The botnet has now been destroyed and the users of the unprotected PCs users have been given security advice on how to make their machines less vulnerable.
Greg Day from McAfee told IT PRO: "These botnets are a double edged sword. Not only do they steal from our computers, important information like credit and debit card numbers but, just as insidious, use our PCs to attack others. From a business point of view this can be very damaging."
"The best protection against this is simply up-to-date anti-virus software and network intrusion prevention."
Click will be broadcast on Saturday 14 March on the BBC News Channel.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
