What is a Botnet?
A Botnet is a group of computers that are infected with malware and have come under the control of a cyber criminal. These malicious devices can be used to launch DDoS attacks or spread malware.
Botnets can be a problem for any company, organization, or individual who uses Internet-connected devices such as personal computers, servers, mobile phones, and smart appliances. These can include smart watches, DVRs, and security cameras.
Often, these devices are not aware of their own participation in a botnet. A cybercriminal can infect an appliance by exploiting software vulnerabilities in the firmware of the device.
Then, a hacker can take over the infected device and assemble it into a botnet that he or she can remotely manage. They can then execute large-scale attacks that could otherwise be difficult to conduct on a single device alone.
There are three main types of botnets: hierarchical, client-server, and peer-to-peer (P2P). The hierarchical model involves a server that communicates with other devices using bots.
A client-server botnet uses a central command and control (C&C) server to send commands to infected devices. This is a common method of controlling bots, but can be more difficult to detect or take down than a P2P botnet structure.
Peer-to-peer (P2P) botnets involve every compromised device connected to the network acting as both a client and a server. Newly recruited devices remain dormant until they receive commanding instructions from a bot herder or botmaster, who is either another compromised device in a P2P botnet or the C&C server in a client-server botnet.