BotNet News

Your source for Online Security News

Botnet

Botnet is a portmanteau word that describes a network of infected computers under the control of an attacker, known as a “bot herder.” In general, bots are used for distributed denial-of-service (DDoS) attacks. They are also used for other tasks such as sending spam, stealing data or fraudulently clicking on ads.

Infected devices become part of a botnet in two ways: either by downloading malicious code from the internet or by exposing their firmware to wormable malware. Some bots also use a series of phishing or drive-by download attacks to infect devices with their malware.

The number of infected devices in a botnet varies based on the type of malware and the threat actor behind it. Some bots recruit new devices based on vulnerabilities in their own hardware and software, while others are designed to target other IoT or enterprise devices.

To create a botnet, a threat actor needs a large number of infected machines and an infrastructure to manage them. Traditionally, the most common bot architecture has been a client-server model in which each infected machine connects to an existing server. This simplifies the process of updating instructions to a large botnet. However, it is susceptible to disruption because it has a single or a few points of failure.

Recently, bot programs have evolved to rely on peer-to-peer networks instead of centralized servers. This has made it less likely that a single point of failure can disrupt the entire botnet.
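The difference in takedown resilience between the two architectures can be modelled as graph connectivity. The following is an added example, not part of the original article: both topologies, the node counts and all function names are constructed for illustration. It removes the best-connected node from each graph and measures how much of the network is still joined together.

```python
from collections import deque

def star(n):
    """Client-server model: node 0 is the server; every bot links only to it."""
    g = {i: set() for i in range(n)}
    for i in range(1, n):
        g[0].add(i)
        g[i].add(0)
    return g

def ring_lattice(n, k):
    """Constructed peer-to-peer model: each node links to k peers on each side."""
    g = {i: set() for i in range(n)}
    for i in range(n):
        for d in range(1, k + 1):
            j = (i + d) % n
            g[i].add(j)
            g[j].add(i)
    return g

def takedown(g, count):
    """Remove the `count` best-connected nodes, as a seizure or sinkhole would."""
    gone = set(sorted(g, key=lambda v: (-len(g[v]), v))[:count])
    return {v: nbrs - gone for v, nbrs in g.items() if v not in gone}

def largest_component_fraction(g, original_size):
    """Share of the original nodes still joined in one connected cluster."""
    seen, best = set(), 0
    for start in g:
        if start in seen:
            continue
        seen.add(start)
        queue, size = deque([start]), 0
        while queue:
            v = queue.popleft()
            size += 1
            for w in g[v] - seen:
                seen.add(w)
                queue.append(w)
        best = max(best, size)
    return best / original_size

def compare(n=100, k=3, removed=1):
    """Surviving connected share of each topology after the same takedown."""
    cs = takedown(star(n), removed)
    p2p = takedown(ring_lattice(n, k), removed)
    return {"client_server": largest_component_fraction(cs, n),
            "peer_to_peer": largest_component_fraction(p2p, n)}
```

With the defaults, removing the single server leaves the client-server graph as isolated nodes, while the peer-to-peer graph loses only the one node that was removed.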

In order to control the infected devices remotely, a bot herder can utilize remote administration tools (RATs). These rogue applications allow the threat actor to control more than one machine from a single point of control. RATs are often used in conjunction with other types of malware such as fake software update websites, Trojans and spyware.