A botnet is built by malware that spreads by looking for vulnerable devices on the internet, such as personal computers and IoT devices. The malware infects a device, reports back to the command and control center, and then searches for more similar devices to infect. Once the malware has spread, the command and control center is the boss of a botnet.

Botnets can operate in a client/server model or a peer-to-peer model. In the client/server model, bots connect to a central command and control (C&C) server, such as an IRC chat room. The attacker controls these centralized servers and uses them to send commands to the bots.
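The centralized model leaves a recognizable pattern in network flow data: many internal hosts connecting to the same external server on IRC ports. The following is an added example, not code from the original page, that flags that fan-in over constructed flow records; the internal range `10.0.0.0/8`, the port list, the threshold and the function names are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (src_ip,dst_ip,dst_port), not real traffic.
SAMPLE_FLOWS = """\
10.0.0.11,203.0.113.50,6667
10.0.0.12,203.0.113.50,6667
10.0.0.13,203.0.113.50,6667
10.0.0.14,203.0.113.50,6697
10.0.0.11,198.51.100.7,443
10.0.0.21,198.51.100.9,6667
10.0.0.12,10.0.0.5,6667
truncated,line
"""

# Assumptions: the monitored network is 10.0.0.0/8, and IRC uses its
# conventional ports (6660-6669 and 7000 plaintext, 6697 TLS).
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}


def parse_flows(text):
    """Yield (src, dst, port) with parsed addresses; skip malformed lines."""
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        try:
            src, dst, port = parts
            yield ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port)
        except ValueError:
            continue


def irc_fan_in(flows, min_clients=3):
    """Map each external server to the internal hosts that reached it on an
    IRC port, keeping servers contacted by at least min_clients hosts."""
    clients = defaultdict(set)
    for src, dst, port in flows:
        if port in IRC_PORTS and src in INTERNAL_NET and dst not in INTERNAL_NET:
            clients[str(dst)].add(src)
    return {srv: [str(h) for h in sorted(hosts)]
            for srv, hosts in clients.items() if len(hosts) >= min_clients}


if __name__ == "__main__":
    for server, hosts in irc_fan_in(parse_flows(SAMPLE_FLOWS)).items():
        print(f"review {server}: {len(hosts)} internal hosts on IRC ports: {hosts}")
```

A hit is a lead for review rather than proof of infection, since legitimate IRC use produces the same pattern.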

Once a botnet has spread across a network, it can be used to access a victim’s network, send out spam e-mails, or perform DDoS attacks. The botnet originator, also known as the “bot master” or “bot herder”, controls the botnet through remote command and control. This command and control protocol requires the originator of the botnet’s malware to communicate via a covert channel. Depending on the botnet, the attacker can implement the command-and-control protocol in a traditional IRC network, or in a more sophisticated one.

A botnet can also be used for economic purposes. A botmaster can use the bots to collect online credentials and use them for online trading. The botmaster can also rent the botnet out as a DDoS service or spam service, or even sell the credentials online for a profit. The value of a botnet depends on its quality.