What Is a Botnet?
A botnet is a collection of Internet-connected devices, such as computers (PCs and laptops), smartphones, tablets, smart TVs and even IoT (“Internet of Things”) devices, infected with malware, which allows cybercriminals to control them remotely for malicious purposes, such as sending spam emails, engaging in click fraud campaigns or launching distributed denial-of-service attacks. Cyberattacks with the help of these devices can have widespread impacts, causing major disruption to online businesses and individuals alike.
To create a botnet, cybercriminals scan the Internet for vulnerabilities, misconfigurations and hard-coded security gaps. They then use automation and social engineering, such as a fake password-reset or software-update site, to gain access to the device and install the malware. Once the device is infected, it becomes part of the botnet and stays under attacker control.
Botnets communicate with their command and control (C&C) servers in two ways: through the centralized client-server model, or through the decentralized peer-to-peer (P2P) model. The latter is more common today, as hackers try to avoid detection by cybersecurity vendors and law enforcement, which frequently monitor C&C communications to locate and disrupt botnets.
A hacker who controls a botnet can have thousands or even millions of “zombie” computers at their disposal to launch large-scale cyberattacks. To make use of them, attackers need to know the IP addresses of the botnet’s command and control servers. This makes it important for system administrators to focus on shutting those servers down, a process known as cutting off the head of the botnet.
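One defender-side instance of the C&C monitoring described above, as an added example that is not part of the original article: a small beacon detector that flags hosts contacting the same destination at nearly constant intervals, the regular check-in pattern typical of centralized bot clients. The log format, the sample lines and the thresholds are constructed assumptions.

```python
"""Beacon-interval detection over constructed firewall log lines.

Bot clients usually poll their C&C server on a fixed schedule; this
flags (src, dst) pairs whose connection intervals are nearly constant.
Log format and thresholds are assumptions, not from any real product."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample lines: "<ISO timestamp> <src_ip> -> <dst_ip>:<port>"
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 -> 203.0.113.7:443
2024-03-01T10:00:03 10.0.0.8 -> 198.51.100.2:443
2024-03-01T10:05:01 10.0.0.5 -> 203.0.113.7:443
2024-03-01T10:09:59 10.0.0.5 -> 203.0.113.7:443
2024-03-01T10:12:40 10.0.0.8 -> 198.51.100.9:80
2024-03-01T10:15:00 10.0.0.5 -> 203.0.113.7:443
2024-03-01T10:20:00 10.0.0.5 -> 203.0.113.7:443
2024-03-01T10:31:17 10.0.0.8 -> 198.51.100.2:443
"""


def parse_log(text):
    """Return {(src, dst): [sorted timestamps]} from the constructed format."""
    flows = defaultdict(list)
    for line in text.splitlines():
        ts, src, _, dst = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    for stamps in flows.values():
        stamps.sort()
    return flows


def find_beacons(flows, min_hits=4, max_jitter=0.1):
    """Flag pairs seen at least min_hits times whose interval spread
    (population std-dev) is at most max_jitter * mean interval."""
    suspects = {}
    for pair, stamps in flows.items():
        if len(stamps) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) <= max_jitter * avg:
            suspects[pair] = round(avg)  # mean check-in period in seconds
    return suspects


if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible C&C beacon: {src} -> {dst} every ~{period}s")
```

A P2P botnet spreads its traffic across many peers, so a per-destination view is weaker there; tuning `min_hits` and `max_jitter` against your own baseline traffic matters more than the sample values used here.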