What is a Botnet?
Malicious botnets are made up of hijacked internet-connected devices (such as computers, mobile phones and Internet of Things [IoT] devices) that are infected with malware. These bots are controlled remotely by attackers or cybercriminals – known as “bot herders” – who use them to launch targeted attacks such as DDoS, click fraud and phishing campaigns and steal information.
The first botnet, built by Khan C Smith, was used for distributing spam email in 2001, earning him millions of dollars. Since then, botnets have evolved to include more attack types and communication protocols and to support a variety of devices, including IoT devices. Some botnets use a centralized command and control [C&C] server, while others are designed to use peer-to-peer [P2P] architecture and other management channels to communicate with one another.
Most people aren’t even aware their devices have been infected by a botnet, which hides its activities from users and takes over the device’s functionality to carry out malicious tasks from the user’s device, without their knowledge or consent. These tasks range from sending a large number of spam emails to carrying out DDoS and other attacks.
Botnet malware typically infects multiple devices simultaneously using a wide variety of methods, from exploiting unpatched software bugs in operating systems, web browsers and apps to wormable code that targets specific firmware vulnerabilities in IoT devices. Once a large enough collection of devices has been infected, they are ‘mobilized’ by the bot herder who sends commands or updates to them. This allows the bots to carry out larger-scale automated attacks on a target or group of targets. Alternatively, the bot herder may sell or rent access to segments of their botnet on the dark web and black market.
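Because bots in a centrally managed botnet must check in with their C&C server to receive the commands and updates described above, one practical way for defenders to spot an infected device is to look for unusually regular outbound connections ("beaconing") in connection logs. The following is an added example, not code from the original page: it parses a small constructed connection log (timestamp, source IP, destination IP, port), groups connections by source/destination pair, and flags pairs whose connection intervals are both frequent and nearly constant. The log format, the IP addresses and the thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (not real traffic).
# 10.0.0.5 talks to 198.51.100.7 every ~5 minutes with slight jitter,
# and to 203.0.113.9 at irregular, user-like intervals.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 198.51.100.7 443
2024-01-01T10:00:03 10.0.0.5 203.0.113.9 443
2024-01-01T10:05:00 10.0.0.5 198.51.100.7 443
2024-01-01T10:07:41 10.0.0.5 203.0.113.9 80
2024-01-01T10:10:02 10.0.0.5 198.51.100.7 443
2024-01-01T10:15:00 10.0.0.5 198.51.100.7 443
2024-01-01T10:19:12 10.0.0.5 203.0.113.9 443
2024-01-01T10:20:01 10.0.0.5 198.51.100.7 443
2024-01-01T10:25:00 10.0.0.5 198.51.100.7 443
2024-01-01T10:32:05 10.0.0.5 203.0.113.9 443
2024-01-01T10:33:50 10.0.0.5 203.0.113.9 443
"""


def parse_log(text):
    """Parse 'ISO-timestamp src dst port' lines into (datetime, src, dst, port) tuples.

    The line format is an assumption for this example; adapt the split for real logs.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def find_beacons(records, min_conns=5, max_cv=0.2):
    """Flag (src, dst) pairs whose inter-connection intervals are nearly constant.

    min_conns: minimum number of connections before a pair is considered.
    max_cv:    maximum coefficient of variation (stddev / mean) of the intervals.
               A value near 0 means a fixed period; real beacons may add jitter,
               so this threshold is tunable rather than a hard rule.
    Returns a list of dicts sorted by ascending cv (most regular first).
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _port in records:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_conns:
            continue
        times.sort()
        # Seconds between consecutive connections for this pair.
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            hits.append({
                "src": src,
                "dst": dst,
                "count": len(times),
                "mean_interval": avg,
                "cv": cv,
            })
    return sorted(hits, key=lambda h: h["cv"])


if __name__ == "__main__":
    for hit in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"period ~{hit['mean_interval']:.0f}s, cv={hit['cv']:.3f}")
```

On the constructed log, only the 198.51.100.7 pair is reported (six connections, about 300 seconds apart, coefficient of variation close to 0); the 203.0.113.9 pair has enough connections but its intervals vary too much. In practice this check is a triage signal rather than proof of infection, since legitimate software also polls on a schedule, so flagged pairs should be cross-referenced with destination reputation and the process that opened the connection.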