skip navigation


Register for Latest Research

Stay Informed
Register with NCJRS to receive NCJRS's biweekly e-newsletter JUSTINFO and additional periodic emails from NCJRS and the NCJRS federal sponsors that highlight the latest research published or sponsored by the Office of Justice Programs.

NCJRS Abstract

The document referenced below is part of the NCJRS Virtual Library collection. To conduct further searches of the collection, visit the Virtual Library. See the Obtain Documents page for direction on how to access resources online, via mail, through interlibrary loans, or in a local library.


NCJ Number: 230112 Find in a Library
Title: Examining the Creation, Distribution, and Function of Malware On-Line: Executive Summary
Author(s): Bill Chu Ph.D.; Thomas J. Holt Ph.D.; Gail Joon Ahn Ph.D.
Date Published: 2010
Page Count: 10
Sponsoring Agency: National Institute of Justice (NIJ)
Washington, DC 20531
National Institute of Justice/NCJRS
Rockville, MD 20849
NCJRS Photocopy Services
Rockville, MD 20849-6000
Grant Number: 2007-IJ-CX-0018
Sale Source: National Institute of Justice/NCJRS
Box 6000
Rockville, MD 20849
United States of America

NCJRS Photocopy Services
Box 6000
Rockville, MD 20849-6000
United States of America
Document: PDF
Type: Report (Study/Research)
Format: Document
Language: English
Country: United States of America
Annotation: Using a criminological and computer-science examination of multiple data sets, this study examined the social and technical aspects of the creation, distribution, and use of bots, which constitute a new form of malicious code used by computer hackers and attackers to perpetrate costly computer crimes.
Abstract: The analysis of the functions and activity of 13 bots in a simulated computing environment indicates that they had significant impacts on the system by changing system protocols, including adding and removing files, dlls, and registry information. Two of these bots also attempted to download other executable programs hosted on both Web sites, including a compromised server hosting a legitimate business Web site in the United States. All of the bots attempted to connect to Internet Relay Chat (IRC) command and control servers around the world. Nine of the bots were able to connect to the IRC command and control channel, and four required a password to log in to the channel. Five of the bots were able to connect to the channel and received commands to scan other systems online, participate in denial-of-service attacks, infect other systems, and open communication sessions with other computers. The creation and sale of bots and malware were examined through a qualitative examination of 909 threads from 10 publicly accessible Web forums in Eastern Europe and Russia designed to facilitate the creation, sale, and purchase of malware and hacking instruments. An examination of the ads posted in these forums demonstrated that a service economy has developed to facilitate cybercrime, particularly in the sale of malware. Malware was the most prevalent item sold in these forums, composing 34 percent of the total sale-related threads. Individuals requested or sold bots, trojan horse programs, encryption tools, and iframe malware uploading and downloading services.
Main Term(s): Computers
Index Term(s): Computer abuse; Computer aided operations; Computer related crime; Computer software; Crime in foreign countries; Eastern Europe; NIJ grant-related documents; Russian Federation
To cite this abstract, use the following link:

*A link to the full-text document is provided whenever possible. For documents not available online, a link to the publisher's website is provided. Tell us how you use the NCJRS Library and Abstracts Database - send us your feedback.