BotNet News

Botnet

A botnet is a network of malware-infected devices that are remotely controlled to perform cyberattacks on behalf of the operators who control them. These attacks may include stealing data, sending spam, deploying ransomware, sabotaging services or carrying out distributed denial of service (DDoS) attacks.

The infected devices, called bots, can be computers or Internet of Things (IoT) devices such as security cameras, routers, printers and other appliances. They are recruited into a botnet by exploiting vulnerabilities in software or websites and spreading the infection using popular social engineering techniques including phishing, click fraud, trojan horses and malicious advertisements.

Once a device is infected, it automatically connects to a remote server or website known as a command and control (C&C) server for instructions. This communication usually uses long-established protocols such as Internet Relay Chat (IRC), telnet or even ordinary HTTP to avoid detection. Some bots are programmed to remain dormant until instructed to engage in a cyberattack.

In order to prevent the spread of these cyberattacks, system administrators and law enforcement often focus on shutting down C&C servers and identifying the bot herders behind them. To make this more difficult, hackers have evolved the architecture of their botnets to evade these efforts. For example, newer bots are designed to obfuscate their communications by embedding the command and control structure within the network using components of decentralized peer-to-peer (P2P) filesharing programs. This eliminates the single point of failure present in client-server botnets and makes it more difficult to locate a command center or identify its owner.
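A defender's view of the client-server check-in described above, as an added example that is not part of the original page: it scans constructed flow records for several internal devices contacting the same external endpoint over IRC or telnet. The record format, the port numbers (23 and 6667), the internal address ranges and all function names are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: RFC 1918 ranges are "inside"; adjust for the monitored network.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Protocols the text names, by their usual ports. HTTP C&C cannot be singled
# out by port alone, so it is deliberately not matched here.
WATCHED_PORTS = {23: "telnet", 6667: "irc"}

# Constructed flow records (timestamp src dst dst_port), documentation IPs.
SAMPLE_FLOWS = """\
2024-05-01T10:00:02 10.0.0.21 203.0.113.50 6667
2024-05-01T10:00:09 10.0.0.34 203.0.113.50 6667
2024-05-01T10:01:40 10.0.0.57 203.0.113.50 6667
2024-05-01T10:02:11 10.0.0.21 198.51.100.7 80
2024-05-01T10:03:00 10.0.0.88 198.51.100.9 23
2024-05-01T10:03:30 10.0.0.12 10.0.0.1 23
malformed line
"""

def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)

def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        try:
            _, src, dst, port = line.split()
            ipaddress.ip_address(src)
            ipaddress.ip_address(dst)
            yield src, dst, int(port)
        except ValueError:
            continue

def c2_candidates(flows, min_hosts=2):
    """Map (dst, protocol) -> sorted internal hosts, keeping only external
    endpoints that at least min_hosts distinct devices check in to."""
    fan_in = defaultdict(set)
    for src, dst, port in flows:
        if port in WATCHED_PORTS and is_internal(src) and not is_internal(dst):
            fan_in[(dst, WATCHED_PORTS[port])].add(src)
    return {k: sorted(v) for k, v in fan_in.items() if len(v) >= min_hosts}
```

A fan-in check like this depends on the single rendezvous point of a client-server botnet; the P2P designs described above spread check-ins across many peers and will not show up this way.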