What is a Botnet?
A botnet is a collection of compromised computers (known as bots) infected with malware that can be controlled remotely by a cybercriminal or attacker. The attacker, also known as a bot herder, can use a botnet to launch distributed denial-of-service (DDoS) attacks, send spam, or steal sensitive information such as credit card details.
The bot herder controls the botnet via a command-and-control (C&C) server. The bots that are part of a botnet periodically report back to the C&C server to receive instructions to carry out malicious activities. Traditionally, this communication has been done over Internet Relay Chat (IRC) protocols, but it can be done through any channel that is capable of sending and receiving data. This client/server model is fairly easy for defenders to find and destroy, so hackers have evolved their botnets to be more resilient.
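One way a defender can look for the periodic check-ins to a C&C server described above, shown as an added example that is not part of the original page: group connection records by host and remote address and flag pairs whose intervals are nearly constant. The record format, the thresholds, and all addresses (private and documentation ranges) are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

BASE = 1_700_000_000  # constructed epoch start for the sample data

# Constructed flow records: (epoch_seconds, internal_host, remote_address).
# Addresses are from private and documentation ranges, not real indicators.
SAMPLE_FLOWS = (
    # Host checking in roughly every 300 seconds with small jitter.
    [(BASE + t, "10.0.0.5", "203.0.113.10") for t in (0, 301, 599, 900, 1202, 1500)]
    # Irregular, human-driven traffic.
    + [(BASE + t, "10.0.0.7", "198.51.100.20") for t in (10, 25, 400, 410, 1300, 1350)]
    # Regular but too few events to judge.
    + [(BASE + t, "10.0.0.9", "203.0.113.10") for t in (100, 400, 700)]
)


def find_beacons(flows, min_events=5, max_jitter=0.1):
    """Return {(host, remote): mean_gap_seconds} for near-constant check-in intervals.

    min_events and max_jitter are assumed starting thresholds, not tuned values.
    """
    seen = defaultdict(list)
    for ts, host, remote in flows:
        seen[(host, remote)].append(ts)

    suspects = {}
    for pair, stamps in seen.items():
        if len(stamps) < min_events:
            continue  # not enough samples to call the timing regular
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        # Coefficient of variation: spread of the gaps relative to their mean.
        if pstdev(gaps) / avg <= max_jitter:
            suspects[pair] = avg
    return suspects


if __name__ == "__main__":
    for (host, remote), gap in find_beacons(SAMPLE_FLOWS).items():
        print(f"{host} -> {remote}: check-in about every {gap:.0f}s")
```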
Any device that can access the Internet is a potential target for botnet infections. Computers have historically been the primary candidates, but mobile devices like smartphones and tablets are now a frequent target as well. Smart home appliances, Internet of Things (IoT) devices, and network infrastructure hardware are all examples of additional targets that have been co-opted into botnets. Once a device is infected, the bots can spread to other computers on their own through a variety of methods, including exploiting website vulnerabilities and cracking weak authentication. The bot herder may then rent out the devices under his or her control to be used for DDoS attacks, spam, phishing campaigns, or the theft of online credentials.