Botnets: How the Dark-Net Popularized Botnets


The dark-net has supported digital tools for a long time. Tools designed to breach subscriptions for services such as Spotify, cybersecurity tools and countless other pieces of software can be found there. Despite that, it was something different that caught the eyes of cybersecurity experts: a sharp growth in advertisements for botnets created to compromise devices.

An Introduction to Botnets

Botnets are commonly used for Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are not that harmful in most cases, but when it comes to botnets, they can be. A botnet is a large group of internet-connected computers that have been compromised by threat actors. Criminals use such a network to multiply the force of their attacks. It also spreads the attacks around the world, making it harder to block the traffic.

Botnet attacks are truly powerful and dangerous. One example that showed the true danger of botnets occurred in 2016. It is reported that the Mirai botnet took down a large chunk of the internet. Services such as Netflix, Twitter, CNN and large financial institutions were affected.

After this meltdown, which affected a large part of the internet, the situation was only made worse. The creator of the botnet decided to make its source code public. This inspired countless people across the world to create their own variations.

The co-creators of the attack tool faced justice. Despite that, the impact they created can still be felt today. To this day, the dark web continues to promote legacy botnet tools. This is evident from the large number of vendors advertising the sale of botnets.

Botnets on the Dark-Net

Dark web markets have played a huge role in popularizing botnets. The instrumental growth of botnets would not have been possible without dark-net markets. Such markets facilitate the sale of malware that is designed to infect machines in order to grow their network.

The idea of renting botnets on dark-net marketplaces is nothing new. Hacking as a service has been around for years on such platforms. The way it works is strikingly similar to renting a botnet. This industry is becoming very profitable for cyber-criminals and is proving very dangerous.

All cybersecurity experts agree that botnets are highly effective and dangerous. Networks like Mirai have resulted in very high-capacity attacks. These DDoS attacks are able to take down huge networks and affect millions at once. Since the introduction of dark-net markets, the DDoS sector has evolved. Anyone, from highly skilled hackers to basic computer users with someone's IP, can rent these networks and carry out attacks.

A security service report was published by IBM researchers. The report mentions the huge role of the dark-net in popularizing such tools and malware. The research mentions the wide variety of tools available for purchase on underground markets. The researchers stumbled upon this discovery after they found a large number of advertisements on one of the largest markets. Back then, this market was the most popular dark-net market in existence.

The report also highlights the advanced organized structure of the dark-net. Markets have evolved so much that they mirror commercial models used in legitimate economies. The report focuses on the adoption of network-based customer-to-customer and business-to-customer approaches. These sales and service tactics are oddly similar to legitimate ones.

The scan of the dark-web conducted by IBM led researchers to one vendor. While reviewing botnet advertisements on the hidden services, the team found something odd. A vendor that goes by the name "ZeusOverTor" got their attention. This vendor's offerings appeared to fall into the classification of highly potent malware. Such malware was created to infect victims' computers.

Zeus Botnet Vendor Profile

The advert hosted by the vendor claimed to offer a better version of the Zeus Trojan, an "extremely resilient" one to be precise. This version of the malware promised to move all of its communication operations over Tor. This was meant to allow for much greater anonymity.

In action, this means that the data between the attacker and the infected computer flows over Tor. This would make it impossible for victims to track the endpoint of the traffic. The botnet also offered many competitive features. It enabled threat actors to conduct money transfers and disable anti-virus software. The researchers concluded that such tools are highly dangerous. By enabling threat actors to commit countless crimes, these products can leave a trail of destruction. From theft to launching attacks from a victim's computer, the results can be catastrophic.


The research conducted by IBM is very helpful in uncovering the effect of the dark-net on botnets. As expected, dark-net markets played a huge role in popularizing such tools. As mentioned in previous articles, this does not only apply to the botnet sector. Countless research suggests that the dark-net has helped accelerate all types of cyber-crime. Not only that, but with the era of the dark-net, new forms of crime are being invented. Instead of carrying out attacks and profiting from them, hackers can just profit from the tools. This is a new form of crime and the equivalent of a drug supplier, but in the cyber-security sector. We are expecting to see an increased interest from law enforcement, as such a big sector can no longer stay under the radar.