What is a Botnet?
A botnet is a network of infected computers and devices (also known as zombies) that work together to perform cyberattacks on behalf of attackers. Botnets are used for a variety of purposes, including DDoS attacks, spamming and stealing data.
Botnet malware typically installs on a computer or device after an attacker exploits a vulnerability. It then uses a fraction of the device’s computing power to carry out tasks that remain hidden from the owner. Attackers often recruit millions of devices to build a botnet for an attack. They infect the devices by exploiting security gaps, sending phishing emails, or using a trojan horse virus to gain a foothold.
Once a device is infected, the malware monitors for instructions distributed by a server known as a command and control (C&C) server. When the C&C server sends a command, the bot executes it. Newer botnets operate over P2P networks and are designed to be harder to detect and disable. These bots communicate with other bots in a peer-to-peer manner by discreetly probing random IP addresses until they identify another infected machine. The bots then connect to each other and share information, such as their software version and list of other infected machines.
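The two communication patterns described above (regular check-ins with a C&C server, and probing many addresses to find peers) leave different traces in network flow logs. The following is an added example, not part of the original page, of detection logic for both patterns; the flow record layout, the thresholds, the port numbers and the documentation-range addresses are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

def build_sample_flows():
    """Constructed records: (epoch_s, src_ip, dst_ip, dst_port, connected)."""
    flows = []
    # 10.0.0.5 polls one server roughly every 60 s (C&C-style check-in).
    for i in range(12):
        flows.append((i * 60 + i % 3, "10.0.0.5", "203.0.113.10", 443, True))
    # 10.0.0.7 tries 40 different addresses on one port; most attempts fail
    # (the peer-probing behaviour of a P2P bot).
    for i in range(40):
        flows.append((i * 7, "10.0.0.7", f"198.51.100.{i + 1}", 40000, i % 10 == 0))
    # 10.0.0.9 is ordinary traffic: few destinations, irregular timing.
    for ts, dst in [(3, "192.0.2.1"), (50, "192.0.2.2"), (400, "192.0.2.1"),
                    (410, "192.0.2.3"), (1500, "192.0.2.1")]:
        flows.append((ts, "10.0.0.9", dst, 443, True))
    return flows

def detect(flows, min_beacons=8, max_jitter=0.1, min_fanout=20, max_success=0.3):
    """Return {src_ip: {finding, ...}}; thresholds are illustrative assumptions."""
    by_pair = defaultdict(list)   # (src, dst, port) -> connection timestamps
    by_src = defaultdict(list)    # (src, port) -> [(dst, connected), ...]
    for ts, src, dst, port, ok in flows:
        by_pair[(src, dst, port)].append(ts)
        by_src[(src, port)].append((dst, ok))
    findings = defaultdict(set)
    # Beaconing: many connections to one destination at near-constant intervals.
    for (src, _dst, _port), times in by_pair.items():
        if len(times) < min_beacons:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
            findings[src].add("beaconing")
    # Peer probing: one port, many distinct destinations, mostly failed connects.
    for (src, _port), attempts in by_src.items():
        distinct = {dst for dst, _ in attempts}
        success = sum(ok for _, ok in attempts) / len(attempts)
        if len(distinct) >= min_fanout and success <= max_success:
            findings[src].add("peer-probing")
    return dict(findings)

if __name__ == "__main__":
    for host, reasons in sorted(detect(build_sample_flows()).items()):
        print(host, sorted(reasons))
```

On real traffic the thresholds need tuning against a baseline, since update checkers and monitoring agents also connect at fixed intervals.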
While many cyberattacks use botnets, a botnet can also be controlled by a single infected computer. For this reason, it is important to keep the risk prevention software on your computer or device up to date and to practice a healthy dose of digital skepticism. If you notice that your system usage is high, this could be a sign of infection by botnet malware and a potential threat to your privacy and business continuity.