What is a Botnet and How Does it Work?
A botnet is a network of hijacked computers and devices that have been infected with malware and are remotely controlled by an attacker. That control is commonly used to steal credentials, send spam and launch Distributed Denial of Service (DDoS) attacks. Attackers build botnets by exploiting security holes in software, by serving malware from compromised websites and by running phishing campaigns.
Botnet malware infects Internet-facing devices: PCs and laptops, mobile phones and tablets, and Internet of Things (IoT) devices such as smart thermostats and home routers. Using a compromised device as a foothold in your network, the attacker can then direct the bots to gather and steal user information, launch DDoS attacks, send spam, mine cryptocurrency or commit ad fraud.
As attacks become more sophisticated and the number of connected devices keeps growing, attackers are finding new ways to build their botnets. In particular, they are increasingly using peer-to-peer (P2P) communication to avoid detection and takedown by security vendors and law enforcement agencies.
The first step in building a botnet is to infect a device with bot malware, typically through a phishing attack or an exploit kit. The bot then checks in with a remote command-and-control (C&C) server and waits for instructions. Traditionally this communication ran over IRC channels or HTTP requests, which gives defenders a single server, domain or channel to identify, block or seize.
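A bot that polls an HTTP C&C server asks the same host the same question on a timer, and that regularity is what a defender looks for in proxy logs. The script below is an added example, not code from the original page: it groups requests by (client, destination host), measures how evenly spaced each client's requests are, and flags pairs that poll often and almost perfectly regularly. The log format, the hostnames and the addresses are constructed for this example and refer to no real botnet.

```python
"""Flag HTTP command-and-control polling ("beaconing") in web proxy logs.

A bot that fetches its orders over HTTP asks the same server the same
question on a timer, so the gaps between its requests are far more regular
than a person's browsing. This groups requests by (client, destination
host), measures the spread of the inter-request intervals and flags pairs
that poll often and almost perfectly regularly.

The log lines below are constructed for this example; hosts and addresses
are invented and refer to no real botnet or organisation.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev
from urllib.parse import urlsplit

# Constructed sample: 10.0.0.5 polls cmd.example-c2.test every ~60 s;
# 10.0.0.9 reads a news site at irregular, human-looking times.
SAMPLE_PROXY_LOG = """\
2024-05-01T10:00:00Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:01:00Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:02:01Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:03:00Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:04:00Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:05:01Z 10.0.0.5 GET http://cmd.example-c2.test/gate.php 200 312
2024-05-01T10:00:12Z 10.0.0.9 GET http://cdn.news-site.test/index.html 200 48211
2024-05-01T10:00:14Z 10.0.0.9 GET http://cdn.news-site.test/style.css 200 9120
2024-05-01T10:03:40Z 10.0.0.9 GET http://cdn.news-site.test/article/42 200 61000
2024-05-01T10:11:05Z 10.0.0.9 GET http://cdn.news-site.test/article/43 200 58000
2024-05-01T10:11:09Z 10.0.0.9 GET http://cdn.news-site.test/img/1.png 200 23000
2024-05-01T10:27:51Z 10.0.0.9 GET http://cdn.news-site.test/index.html 304 0
"""


def parse_line(line):
    """Return (timestamp, client_ip, destination_host) for one log line."""
    ts, client, _method, url, _status, _size = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return when, client, urlsplit(url).hostname


def find_beacons(log_text, min_requests=5, max_cv=0.1):
    """Return {(client, host): mean_interval_seconds} for regular pollers.

    max_cv is the coefficient of variation (stdev / mean) of the intervals
    allowed before a pair counts as irregular. 0.1 tolerates the one-second
    drift in the sample; raise it if the bot adds deliberate jitter.
    """
    times_by_pair = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            when, client, host = parse_line(line)
            times_by_pair[(client, host)].append(when)

    flagged = {}
    for pair, times in times_by_pair.items():
        if len(times) < min_requests:
            continue  # too few requests to say anything about regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            flagged[pair] = round(avg, 1)
    return flagged


if __name__ == "__main__":
    for (client, host), interval in find_beacons(SAMPLE_PROXY_LOG).items():
        print(f"{client} polls {host} every {interval:.0f} s")
```

On the sample this flags only 10.0.0.5 talking to cmd.example-c2.test, at about 60 seconds per request. In production, legitimate software updaters and monitoring agents beacon just as regularly, so the flagged pairs need an allow-list of known hosts, and a bot that randomises its sleep interval will need a looser `max_cv` and a longer observation window.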
Newer botnets operate over a peer-to-peer (P2P) network with no single control server. GameOver Zeus, the P2P variant of the widely distributed Zeus banking trojan, is the classic example; the notorious Mirai botnet, by contrast, still relied on a central C&C server. In a P2P botnet each infected device quietly contacts other bots, starting from a peer list shipped with the malware or by probing addresses until it finds one, and exchanges the latest commands and the newest version of the malware with them, so there is no single server whose seizure cuts the operator off from the bots.
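The practical consequence of the decentralised design is resilience to takedown, and a small simulation makes it concrete. The following is an added example written for this page, not code from any real botnet: it models a centralised botnet whose bots poll one server, and a P2P botnet whose bots gossip with entries from their own peer lists, then removes the original source of a new command early in both and compares how far the command still spreads. Bot counts, peer-list size and polling probability are illustrative choices.

```python
"""Why a peer-to-peer botnet survives losing its original source.

Toy simulation, constructed for this example (not code from any real
botnet). Every bot holds the newest command version it has seen.

  * Centralized: each round every bot polls one C&C server with some
    probability; once the server is taken down, nothing new spreads.
  * Peer-to-peer: each round every bot contacts one entry from its own
    peer list and both sides keep the newer version; taking the first
    infected bot offline barely matters.

Bot counts, peer-list size and probabilities are illustrative choices.
"""
import random


def simulate_centralized(n_bots=200, rounds=12, poll_probability=0.25,
                         server_dies_at=2, seed=7):
    """Fraction of bots holding the new command after `rounds` rounds."""
    rng = random.Random(seed)
    version = [0] * n_bots
    for r in range(rounds):
        if r == server_dies_at:
            break  # server seized or sinkholed: polls now reach nothing
        for i in range(n_bots):
            if rng.random() < poll_probability:
                version[i] = 1  # this bot polled the server and got the command
    return sum(v == 1 for v in version) / n_bots


def build_peer_lists(n_bots, peers_per_bot, rng):
    """Each bot ships with a fixed list of other bots it knows about."""
    return [rng.sample([j for j in range(n_bots) if j != i], peers_per_bot)
            for i in range(n_bots)]


def simulate_p2p(n_bots=200, rounds=12, peers_per_bot=8,
                 source_dies_at=2, seed=7):
    """Fraction of surviving bots holding the new command after `rounds`."""
    rng = random.Random(seed)
    peers = build_peer_lists(n_bots, peers_per_bot, rng)
    version = [0] * n_bots
    version[0] = 1            # bot 0 is where the operator injects the command
    alive = [True] * n_bots
    for r in range(rounds):
        if r == source_dies_at:
            alive[0] = False  # original source taken offline
        for i in range(n_bots):
            if not alive[i]:
                continue
            j = rng.choice(peers[i])
            if alive[j]:      # gossip: both ends keep whichever is newer
                version[i] = version[j] = max(version[i], version[j])
    survivors = [i for i in range(n_bots) if alive[i]]
    return sum(version[i] == 1 for i in survivors) / len(survivors)


if __name__ == "__main__":
    print(f"centralized, server lost at round 2: "
          f"{simulate_centralized():.0%} of bots updated")
    print(f"peer-to-peer, source lost at round 2: "
          f"{simulate_p2p():.0%} of surviving bots updated")
```

With the defaults, the centralised botnet stalls at well under two thirds of its bots once the server is gone, while the P2P botnet still reaches essentially every surviving bot within a dozen rounds. The same gossip path cuts both ways: in this toy model any peer can inject a higher version number, which is why real P2P botnets sign their updates, and why poisoning the peer lists of unsigned or weakly protected networks is a standard takedown technique.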