What is a Botnet?
A botnet is a network of malware-infected computers that are controlled remotely through command and control (C&C) servers. Owners of a botnet are called “bot herders” or “botmasters.”
Bots can be used to launch cyber attacks in many ways, including stealing credentials, spamming, and executing DDoS attacks. They are particularly popular for launching distributed denial of service attacks, which involve hundreds or thousands of compromised machines attempting to access a single server and knocking it out of commission.
The devices most commonly recruited into botnets include personal computers, servers and mobile devices. Internet of Things (IoT) devices such as routers and web servers are also targeted in some cases.
When a device is infected, it will perform a little slower than normal and will be more difficult to use without anti-virus protection. Symptoms of an infected device may include unusually high traffic on WAN links, which can be tracked through packet captures.
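One way to track the WAN-traffic symptom described above from a packet-capture summary, shown as an added example that is not part of the original article: it sums each LAN host's bytes sent to outside addresses and flags hosts far above their peers. The LAN range, the record layout, the 3.5 threshold and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

LAN = ipaddress.ip_network("10.0.0.0/24")  # assumed internal range

def wan_bytes_per_host(packets, lan=LAN):
    """Sum the bytes each LAN host sent to addresses outside the LAN."""
    totals = defaultdict(int)
    for _ts, src, dst, length in packets:
        if ipaddress.ip_address(src) in lan:
            # LAN-to-LAN packets add 0 so quiet hosts still join the baseline.
            totals[src] += 0 if ipaddress.ip_address(dst) in lan else length
    return dict(totals)

def flag_outliers(totals, threshold=3.5):
    """Return hosts whose WAN volume is far above the median (modified z-score)."""
    values = list(totals.values())
    if len(values) < 3:  # too few hosts to form a baseline
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values)
    if mad == 0:  # most hosts identical: anything above the median stands out
        return sorted(h for h, v in totals.items() if v > med)
    return sorted(h for h, v in totals.items()
                  if 0.6745 * (v - med) / mad > threshold)

def sample_packets():
    """Constructed capture summary rows: (timestamp, src, dst, length)."""
    pkts = []
    for i, host in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]):
        for t in range(20):  # ordinary browsing-sized traffic
            pkts.append((t, host, "198.51.100.7", 400 + 20 * i))
        pkts.append((21, host, "10.0.0.1", 9000))  # LAN-only, not counted
    for t in range(2000):  # one host sending a sustained stream to the WAN
        pkts.append((t * 0.01, "10.0.0.23", "203.0.113.50", 1200))
    return pkts

if __name__ == "__main__":
    totals = wan_bytes_per_host(sample_packets())
    for host in flag_outliers(totals):
        print(f"{host}: {totals[host]} bytes to WAN, far above peer median")
```

A flagged host is a lead for closer inspection of the capture, not proof of infection: backups and software updates also produce bursts of outbound traffic.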
Hackers use different tactics to control botnets, but the two common approaches are client-server and peer-to-peer. The former aims to give the botmaster complete control by using C&C servers.
The latter involves a more decentralized model that allows individual users to send commands directly to the bots themselves through a communications protocol such as Internet Relay Chat (IRC). Although this method is less secure, it can be easier to track down where the command came from and to shut down the network if necessary.