One scenario works like this: A hacker takes advantage of a flaw in Microsoft'sWindowsoperating system to infect hundreds of thousands of computers, creating a "zombie network" of machines. Net criminals "recruit" these so-called zombie PCs from around the world by way of malicious code. The computer owners are usually unaware that their computers have been compromised and are being used to send out spam or bombard Web sites with massive amounts of data.
This is a criminal activity and hackers who are found guilty of this admit to making money in several ways, including: selling access to their botnet to online advertising firms which feed pop-up ads to the infected computers, installing pop-up ads on the infected computers which generate income through affiliate schemes, renting out the botnet for hackers who wish to blackmail Web sites, or using the botnet to steal information or pump out spam campaigns. Once convicted, hackers may face up to 6 years in prison.
Here's an example of its usage in the news: On March 5, 2009, the Associated Press reported that a Los Angeles computer security consultant has been sentenced to four years in federal prison for using malicious software that turned thousands of computers into "zombies" so he could steal private information. Prosecutors say 27-year-old John Schiefer was sentenced Wednesday after pleading guilty last April to computer fraud. Prosecutors say Schiefer and his associates created "botnets" _ armies of infected computers _ to steal individuals' identities by extracting information from their personal computers. Schiefer also worked as a consultant with a Dutch Internet advertising company to defraud it with his botnets. He was ordered to pay $19,000 in restitution to PayPal and other companies.