What is a Botnet and How Does it Work?
Botnets are networks of infected devices controlled by a bot herder, or botmaster. They can perform a variety of tasks, including launching distributed denial-of-service attacks or sending spam.
Bot herders have a number of motives for creating botnets: to earn money, to steal data or to harm a business's reputation. They may also sell or rent access to their network to other cybercriminals on the dark web or black market.
Architecture of a Botnet
Cybercriminals use two types of botnet structure to control their networks: client/server and peer-to-peer (P2P). The client/server model uses centralized communication between the bot herder and each device on the network, which makes it easier to detect and disrupt than other models.
Peer-to-peer botnets rely on existing P2P networks to communicate with other malware-infected devices, which makes them more resilient. They also obfuscate the connection between bot herder and malware-infected devices, making it harder to trace the source of the attack.
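The centralized communication of the client/server model is what makes it detectable from the defender's side. The following is an added example, not code from the original article: it scans connection records for one external address that several internal hosts contact at a near-constant interval. The record layout, the addresses, the thresholds and the assumption that infected devices check in on a fixed schedule are all constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records: (timestamp in seconds, internal source, external destination).
SAMPLE_FLOWS = []
# Four hosts contact the same address roughly every 300 s (assumed check-in schedule).
for i, host in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13", "10.0.0.14"]):
    for n in range(6):
        SAMPLE_FLOWS.append((i * 17 + n * 300 + (n % 2) * 4, host, "203.0.113.50"))
# Three hosts reach a popular site at irregular times (ordinary browsing).
for host in ["10.0.0.11", "10.0.0.12", "10.0.0.15"]:
    for ts in [5, 40, 900, 950, 2000]:
        SAMPLE_FLOWS.append((ts, host, "198.51.100.7"))
# One host polls a service every 600 s (periodic, but not shared by other hosts).
for n in range(5):
    SAMPLE_FLOWS.append((n * 600, "10.0.0.15", "198.51.100.20"))


def find_central_controllers(flows, min_hosts=3, min_contacts=4, max_jitter=0.1):
    """Return {destination: [hosts]} for external destinations that at least
    min_hosts internal hosts contact at a near-constant interval."""
    stamps_by_pair = defaultdict(list)
    for ts, src, dst in flows:
        stamps_by_pair[(src, dst)].append(ts)

    periodic_hosts = defaultdict(set)
    for (src, dst), stamps in stamps_by_pair.items():
        if len(stamps) < min_contacts:
            continue  # too few contacts to judge regularity
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        average = mean(gaps)
        # Coefficient of variation: low value means evenly spaced contacts.
        if average > 0 and pstdev(gaps) / average <= max_jitter:
            periodic_hosts[dst].add(src)

    # Regular timing alone is common (update checks, NTP); require fan-in as well.
    return {dst: sorted(hosts) for dst, hosts in periodic_hosts.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for dst, hosts in find_central_controllers(SAMPLE_FLOWS).items():
        print(f"{dst}: regular check-ins from {len(hosts)} hosts: {', '.join(hosts)}")
```

A peer-to-peer botnet has no single destination that every device contacts, so a fan-in check like this one does not apply to it.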
How a Botnet Works
To create a botnet, a malicious actor needs to exploit a security vulnerability in a computer system or Internet-facing device. They then infect the affected device with a piece of software that provides the attacker with remote access to it.
In many cases, this is done by embedding malware-laden links in a website, which victims unknowingly click on. This opens a gateway to the botnet's command-and-control server.
Once the connection is established, the device becomes part of the botnet and begins executing nefarious commands. These can include launching distributed denial-of-service (DDoS) attacks, sending spam, and stealing data.