A botnet is a network of devices (computers, phones, or even Internet of Things devices) that are infected by malware and controlled remotely. Cybercriminals use them to perform Distributed Denial-of-Service attacks, spam, click fraud, cryptocurrency mining, and more.

The hacker behind a botnet is called a bot herder or bot master, and controls the bots by communicating with them over covert channels. Traditionally, these channels used IRC networks or domains, but hackers have moved to P2P botnet models that rely on a decentralized approach in which each zombie computer acts as both server and client. This makes the botnet much harder to find and take down.

Typically, the bot software is installed on a device by remote access tools (RATs) that are disguised as legitimate applications and spread through security flaws in a worm-like manner. The infection can also be triggered when a user clicks through a fake software update website, or through other methods.

Once a device is infected, the malware spreads by itself or on command from the bot herder. It may steal credentials from point-of-sale (PoS) systems and other systems to be sold, and the infected device may be used for DDoS, spam, or as a means for the bot herder to make money by mining cryptocurrency.

Taking down a botnet can be challenging because the bot herders are often in countries with lower levels of law enforcement capability. Identifying and closing down the botnet command centers can help to stop the attack. But bot herders and their networks are constantly mutating to evade detection, and closing down the command centers is usually easier said than done because the networks can operate across multiple regions.