What Is a Botnet?
A botnet is made up of multiple computers working together to complete repetitive tasks. Although the term botnet is usually associated with malicious attacks, there exist both legal and illegal botnets. Legal botnets can be used, for example, to keep internet relay chat channels free from unwanted users, while illegal botnets are widely used in DDoS attacks and other nefarious activities.
This article will focus primarily on illegal botnets as they are becoming increasingly apparent in today's technological ecosystem.
How do computers get infected?
Botnets are created by infecting multiple systems with malware (malicious software), turning them into slave systems of the botnet operator. This malware can be introduced to a computer system in various ways, for example:
- A trojan within an email attachment
- Drive-by downloads
- Web browser vulnerabilities
Once the malware is installed, it can connect to the host computer, which is now able to send commands and control the slave machine remotely. Many users are unaware that this type of malicious software even exists on their computers since it does not affect the normal operations of the machine. However, unbeknownst to them, these trojans and other malware run unwanted commands in the background.
A botnet can be created for a variety of purposes. In many cases, botnets today are created to be rented out to people who want to launch a targeted attack. The following example shows how a botnet is used to send out email spam.
- Multiple machines are infected with the malware sent out by the operator
- The slave machines log in to a command and control server where the botnet operator can issue commands
- A spammer rents the botnet from the operator
- The operator sends out the spammer's message to the command and control server resulting in the mass delivery of spam messages
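From the defender's side, the check-in step above can show up in outbound connection logs as evenly spaced contact with one external address. The following is an added example, not part of the original article, that flags internal hosts contacting the same destination at near-constant intervals. The log layout, thresholds, addresses, and the assumption that infected machines check in on a regular timer are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log, one connection per line: "epoch_seconds src_ip dst_ip dst_port".
# Addresses come from documentation/private ranges; the layout is an assumption.
def _rows(src, dst, port, times):
    return [f"{t} {src} {dst} {port}" for t in times]

SAMPLE_LOG = "\n".join(
    _rows("10.0.0.5", "203.0.113.10", 6667, (1000, 1301, 1599, 1902, 2200, 2501))
    + _rows("10.0.0.9", "203.0.113.10", 6667, (1050, 1350, 1652, 1949, 2251))
    + _rows("10.0.0.7", "198.51.100.20", 443, (1010, 1025, 1400, 1410, 2900, 2950))
    + _rows("10.0.0.8", "203.0.113.10", 6667, (1200, 1500))  # too few events to judge
)

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return {(dst_ip, dst_port): [src_ip, ...]} for sources whose connections
    to one destination are evenly spaced (low coefficient of variation)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[0].isdigit() or not parts[3].isdigit():
            continue  # skip malformed lines instead of crashing
        ts, src, dst, port = int(parts[0]), parts[1], parts[2], int(parts[3])
        times[(src, dst, port)].append(ts)

    flagged = defaultdict(list)
    for (src, dst, port), stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough samples for a meaningful interval statistic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Human-driven traffic is bursty (high variation); timer-driven check-ins are not.
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[(dst, port)].append(src)
    return {dest: sorted(srcs) for dest, srcs in flagged.items()}

if __name__ == "__main__":
    for (dst, port), hosts in find_beacons(SAMPLE_LOG).items():
        print(f"{dst}:{port} contacted at regular intervals by {len(hosts)} hosts: {hosts}")
```

Several internal hosts flagged against the same destination is a stronger signal than one host alone, since legitimate software such as update checkers also polls on a timer.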
Types of botnet attacks
Botnet attacks come in many forms. They can be used to do everything from overloading a web server with requests, to illegally generating revenue. The following is a list of a few popular types of botnet attacks.
- Distributed denial of service: DDoS attacks are used to make a website inoperable by overloading the server with requests.
- Click fraud: Botnets can be used to command a user's computer to click on PPC campaigns or other ads for personal monetary gain.
- Email spam: As described in the section above, email spammers can rent a botnet from the operator to send out a mass spam email campaign.
- Bitcoin mining: Botnet operators have been known to use their slave computers' resources to mine bitcoins on their behalf.
- Adware: Replaces the current ads on a web page with the ads of another advertiser for personal or commercial gain.
The list above gives a few examples of how botnets can be used. One of the largest known botnets, called Zero Access Botnet, was in existence during 2013 and infected a combined total of 1.9 million machines. It used its army of slave computers for both Bitcoin mining and click fraud to generate revenue.
How to protect against a botnet infection
Protecting your computer against malware comes down to increasing your machine's security and being diligent online. Here are a few suggestions for what can be done to help protect against a botnet infection.
- Keep all software up to date. Software updates may come with extra security patches that can help keep your computer secure.
- Don't click on suspicious website links or open suspicious email attachments.
- Choose an antimalware software package.
As botnets continue to be a part of today's Internet ecosystem, protecting your machine against malware is crucial. Being aware of the goals that a botnet aims to achieve, and of the steps that can be taken to minimize your machine's risk, is necessary to help reduce the chance of an infection.