What is a Botnet?
A botnet is a network of hijacked devices (computers, mobile devices or IoT devices) infected with malware enabling hackers to control them and unleash attacks like distributed denial-of-service (DDoS) attacks. These attacks can cripple websites, sabotage services and even disrupt internet connections for thousands of people at once.
Hackers build botnets for a variety of reasons. They can be paid on a rental or sale basis to attack other machines and steal their data, they may also be hired to perform large-scale spam campaigns, or they could simply want to cause chaos and distress for others.
Bots are infected through a variety of methods including clickjacking, phishing scams, rogue apps and password hacking. The infected device then acts as a zombie, allowing hackers to gain unauthorized access into other devices on the same network and potentially spread malware to them.
Early bots used a traditional client/server approach, with each infected device connecting to a central command-and-control (C&C) server to receive instructions. This made it relatively easy to stop botnets by identifying the central C&C servers and cutting them off. Modern bots use a P2P approach to control infected devices.
This decentralized model embeds the instruction responsibilities inside the botnet. This makes it more difficult to disable an existing botnet, although individual devices can be identified and either reformatted/ factory reset, their backups reinstalled or other strategies from the manufacturer/ system administrator can be implemented to eliminate the malware on the device.