What is a Botnet?
A botnet is a network of devices (known as zombies) that a hacker takes control of to perform large-scale cyber attacks. Infection of victims’ devices can be accomplished using malware and a variety of techniques, such as popup ads, web downloads, exploit kits, and email attachments. Once hackers have a collection of zombie devices, they can use them to steal personal data for identity theft and extortion or to perform other malicious actions, such as DDOS attacks.
Modern bot malware often comes in the form of Trojan horses and spreads through security vulnerabilities like software update holes or worm-like techniques. Once a device is infected, modules that enable remote attackers to command and control it are installed. These can include rogue applications that allow an attack to take control of the victim’s computer and connect it back to a C&C server. They may also include keyloggers that record user activity and spyware that monitors online banking or other financial websites.
Traditionally, bots communicate with C&C servers using a centralized client-server model. However, as defenders have worked to identify and shut down C&C servers, hacker groups have pivoted to a peer-to-peer (P2P) botnet approach that relies on a decentralized approach. In this model, infected devices scan for other infected devices and carefully probe random IP addresses until they find one that is willing to act as both a client and server to share updated commands.
There are many signs that a device is infected with botnet malware, including an unusually high amount of bandwidth use or a program that stops software updates from installing. If you notice any of these issues, consider taking action to protect your device.