How Does a Botnet Operate?
At its height, the Conficker botnet was one of the largest ever. A computer worm, it infected millions of devices and allowed hackers to steal banking credentials, launch DDoS attacks, and engage in other cybercrimes. Another notorious botnet, Gameover ZeuS, racked up $100 million in losses at its peak.
The hacker who controls a botnet is known as the bot herder, and they can execute a range of commands on each infected device: collect and store personal information, read or write system data, monitor user activity, search for hidden vulnerabilities, scout other devices on the network, eavesdrop on users’ conversations, send spam, and launch DDoS attacks.
To build a botnet, the attacker first compromises and infects devices. The malware installed on each victim’s machine then connects back to a central server, and once that connection is established the bot can be controlled remotely through commands issued from the server.
Most botnets run on a client-server model, in which a single server acts as the bot herder’s command-and-control (C2) server. Because every bot reports to it, that server is relatively easy for defenders to locate and take down, which makes it a single point of failure for the botnet.
P2P botnets, on the other hand, have a more complex structure in which each infected device acts as both a client and a server. They are harder to set up, but they are more resilient against security tools and takedown attempts.
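As an added, defender-side illustration (not part of the original article), the two structures described above leave different network footprints: a bot under a central C2 server checks in with the same host at regular intervals, while a P2P bot talks to many peers. This Python sketch flags both patterns in a constructed connection log; the log contents, thresholds and function names are assumptions made for the example.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed connection log (not real traffic): "timestamp src dst:port".
CONSTRUCTED_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.7:443
2024-05-01T10:00:10 10.0.0.8 198.51.100.20:443
2024-05-01T10:00:12 10.0.0.8 198.51.100.20:443
2024-05-01T10:00:30 10.0.0.9 192.0.2.11:16464
2024-05-01T10:00:41 10.0.0.9 192.0.2.12:16464
2024-05-01T10:01:02 10.0.0.5 203.0.113.7:443
2024-05-01T10:01:15 10.0.0.9 192.0.2.13:16464
2024-05-01T10:02:00 10.0.0.5 203.0.113.7:443
2024-05-01T10:02:20 10.0.0.9 192.0.2.14:16464
2024-05-01T10:02:58 10.0.0.5 203.0.113.7:443
2024-05-01T10:07:45 10.0.0.8 198.51.100.20:443
2024-05-01T10:08:00 10.0.0.8 198.51.100.20:443
"""

def parse_log(text):
    """Return (datetime, src, dst, port) tuples, one per non-empty line."""
    records = []
    for line in filter(None, text.splitlines()):
        ts, src, dst_port = line.split()
        dst, port = dst_port.rsplit(":", 1)
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records

def find_beacons(records, min_hits=4, max_jitter=0.2):
    """Client-server C2 signal: flows seen >= min_hits times at near-constant intervals."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in records:
        by_flow[(src, dst, port)].append(ts)
    flagged = []
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Low spread relative to the mean gap = regular, clock-driven check-ins.
        if statistics.pstdev(gaps) <= max_jitter * statistics.mean(gaps):
            flagged.append(flow)
    return sorted(flagged)

def find_high_fanout(records, min_peers=4):
    """P2P signal: a host talking to many distinct peers on the same port."""
    peers = defaultdict(set)
    for _, src, dst, port in records:
        peers[(src, port)].add(dst)
    return sorted(k for k, v in peers.items() if len(v) >= min_peers)
```

Both thresholds are illustrative; legitimate software (scheduled update checks, file-sharing clients) produces the same shapes, so treat hits as triage leads to be correlated with other evidence, not as verdicts.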