Botnet


What is a Botnet?

A botnet (robot network) is a network of infected computers and devices connected in a coordinated fashion for malicious purposes. Each Internet-connected device in a botnet is called a bot. These bots are compromised with malware and controlled by a third party, called a botmaster or bot-herder. Individually, each bot has little impact. However, as a network of many devices controlled by an attacker, botnets are used to automate large-scale cyberattacks.


Botnet activity includes transmitting malicious software (malware), phishing campaigns, stealing data, distributed denial-of-service (DDoS) attacks, and other malicious activities. Typically, users are unaware that their computers are infected and under the control of a botmaster.

Originally, botnets were created as a tool with valid purposes in Internet relay chat (IRC) channels. Eventually, hackers exploited vulnerabilities in IRC networks and developed bots to perform malicious activities such as password theft and keystroke logging.

A botnet may also be known as a zombie network, a phrase used to describe compromised computers and devices acting like “zombies.” The terms are often used interchangeably.


Key Takeaways

  • A botnet is a group of infected computers connected in a coordinated fashion for malicious purposes.
  • Botnets can be used to transmit malware, run phishing campaigns, and launch distributed denial-of-service (DDoS) attacks.
  • Attackers use remote commands to coordinate botnet activity on infected devices.
  • Botnets are significant because both hackers and organized crime use them to perform illegal activities online.
  • A command-and-control (C&C) server facilitates communication between the attacker and bots.

How a Botnet Works

How are botnets created? It often starts with attackers targeting computers not safeguarded with firewalls or antivirus software. A botnet manipulator can take control of a computer in various ways, but the most common methods include exploiting software vulnerabilities, sending email attachments, embedding malware in website hyperlinks, and offering free software downloads.

For example, parents looking for trustworthy spy apps for legitimate monitoring activities may unknowingly download a free app that contains malware that turns their computer into a bot.

Once the malware is executed, the infected internet-connected computer or device is a bot and joins the botnet. When the attacker has control of multiple devices, they use remote commands to simultaneously coordinate botnet activity according to their objectives.

What Are Botnets Used For?

Botnets are significant because they have become tools used by both hackers and organized crime to perform illegal activities online. For example, hackers use botnets to launch coordinated denial-of-service (DoS) attacks, while organized crime uses botnets to send spam or phishing attacks that are then used for identity theft.

Even more concerning is the industry that has sprung up around botnets, where bot herders build botnets specifically to “rent” to the highest bidder. Whether they send spam, adware/spyware, viruses, worms, or other malicious software, botnets can be used to perpetrate just about any type of cyberattack.

Botnet Examples

Some of the most notable botnet examples include:

  • Mirai (2014-2016): This Internet of Things (IoT) botnet spread to vulnerable devices by continuously scanning for IoT systems with factory default usernames and passwords. The Mirai botnet is believed to have hijacked 67,000 devices on its first day, enabling the creator to launch attacks with up to 350,000 bots at a time.
  • GameOver Zeus (2011-2014): GameOver Zeus malware used social engineering and malware attacks on victim banking accounts. Infected computers became part of a botnet using peer-to-peer (P2P) protocols. It is estimated that GameOver Zeus infected over 250,000 computers and is responsible for over $100 million in monetary losses.
  • EarthLink Spammer (2000): One of the first botnets to garner attention was EarthLink Spammer, built by Khan K. Smith in 2000. It was responsible for sending 1.25 million phishing scam emails to obtain personal information, such as usernames, passwords, and credit card numbers. Smith was caught and sued by EarthLink for using their network for his scheme.

How Do Hackers Control a Botnet?

Attackers control a botnet through remote programming, using a command-and-control (C&C) server that enables them to maintain control using a botnet program. The C&C server facilitates communication between the attacker and the bots. For example, the attacker can send malicious botnet commands to the bots, which then report back with any stolen data or information and receive new instructions. The botnet program automates the process of installing code on bots, allowing them to receive and execute commands and communicate with the server.
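One way a defender might spot bots checking in with a C&C server, as an added example that is not from the original article: it flags source/destination pairs whose outbound connections recur at near-constant intervals. The log format, the thresholds, and the assumption that bots check in on a regular schedule are illustrative and not stated by the article.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records: "epoch_seconds src_ip dst_ip".
# Addresses are from documentation ranges (RFC 5737); none are real indicators.
SAMPLE_LOG = """\
1000 192.0.2.10 203.0.113.5
1300 192.0.2.10 203.0.113.5
1601 192.0.2.10 203.0.113.5
1899 192.0.2.10 203.0.113.5
2200 192.0.2.10 203.0.113.5
1010 192.0.2.11 198.51.100.7
1025 192.0.2.11 198.51.100.7
1900 192.0.2.11 198.51.100.7
1960 192.0.2.11 198.51.100.7
3400 192.0.2.11 198.51.100.7
1200 192.0.2.12 203.0.113.5
malformed line
"""

def parse(log_text):
    """Group connection timestamps by (source, destination), skipping bad lines."""
    pairs = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or not fields[0].isdigit():
            continue
        pairs[(fields[1], fields[2])].append(int(fields[0]))
    return pairs

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return (src, dst, mean_interval) for pairs with regular check-in timing."""
    # max_jitter = allowed (stddev of gaps / mean gap); tune both thresholds per network.
    findings = []
    for (src, dst), times in sorted(parse(log_text).items()):
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            findings.append((src, dst, round(avg)))
    return findings

if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: regular check-in about every {interval}s")
```

Regular timing alone also matches benign software such as update checkers, so a flagged pair is a lead for investigation rather than proof of infection.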

What is a Botnet Attack?

In simple terms, a botnet attack is when a large number of bots – the computers and other devices infected with malware – are used to carry out cyberattacks. According to AVG, the most common botnet attacks include spam and phishing attacks, malware distribution, brute force attacks, and cryptojacking.


8 Ways to Protect Yourself From Botnets

Botnet security relies heavily on users being proactive about protecting devices and being cautious when dealing with links and downloads.

Here is how to protect yourself from botnets:

  • Avoid opening email attachments without verifying them first.
  • Configure firewalls for maximum protection.
  • Don’t click on suspicious/unexpected email links.
  • Enable browser protection against phishing and malware.
  • Keep device operating systems updated.
  • Scan all downloads before executing them.
  • Update factory default settings on devices.
  • Use reputable antivirus software.

The Bottom Line

A botnet is a network of infected computers and devices connected in a coordinated fashion for malicious purposes. Botnet activity includes transmitting malware, launching phishing campaigns, stealing sensitive data, and launching DDoS attacks.

Unfortunately, it can be difficult for users to detect botnet infections, and most are unaware that their device is infected. To protect against botnets, users need to be proactive – ensure devices are updated, change factory settings on IoT devices, and use caution when opening email attachments or clicking links.

Experts also recommend scanning free software before installing it and using reputable antivirus software to improve botnet security.


Vangie Beal
Technology Expert

Vangie Beal is a digital literacy coach based in Nova Scotia, Canada, and recently joined Techopedia. She is an award-winning business and technology writer with 20 years of experience in the technology and web publishing industry. Since the late 1990s, her byline has appeared in dozens of publications, including CIO, Webopedia, Computerworld, InternetNews, Small Business Computing, and many other technology and business publications. She is an avid gamer with deep roots in the female gaming community and a former Internet TV gaming host and gaming journalist.