BotNet News

Your source for Online Security News

A botnet is a network of hijacked devices that are infected with malware and under the control of an attacking party, often referred to as a “bot-herder.” From a central computer, the attacker can command many thousands or millions of these devices to perform a range of actions, from DDoS attacks to spam-sending to crypto mining.

A hacker creates a botnet by installing malware on devices connected to the Internet, such as computers running Windows or macOS, laptops, tablets and smartphones. Also at risk are Internet infrastructure devices such as routers, which enable and support Internet connections, and industrial control systems used to monitor and control processes in manufacturing or energy generation.

Cybercriminals use phishing attacks and security holes in software and websites to compromise these devices with botnet malware, which can then steal personal information and carry out cyberattacks on the victims. The malware remains silent and undetected until the attack begins, at which point it sends instructions to the device to begin its nefarious tasks.

Botnets typically use a command and control (C&C) model in which infected devices communicate with a central server over a network protocol like IRC or HTTP. These centralized C&C servers can be easily identified and disrupted by cybersecurity vendors and law enforcement. To avoid this, some attackers use more decentralized peer-to-peer networks or a hybrid of client/server and P2P models.
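The following added example (not from the original article) shows why a centralized C&C server stands out in network flow data: many internal hosts check in with the same endpoint. It goes slightly beyond the text by also requiring machine-regular timing. The flow records, addresses, allowlist and function name are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, internal_src, dst, dst_port).
# Addresses are from documentation ranges; none come from the article.
FLOWS = [
    (t, src, "203.0.113.50", 6667)
    for src, offset in (("10.0.0.11", 0), ("10.0.0.12", 7), ("10.0.0.13", 19))
    for t in range(1000 + offset, 1000 + offset + 600, 60)  # check-in every 60 s
] + [
    (1003, "10.0.0.11", "198.51.100.20", 80),   # irregular, human-like browsing
    (1250, "10.0.0.11", "198.51.100.20", 80),
    (1262, "10.0.0.11", "198.51.100.20", 80),
    (1900, "10.0.0.14", "198.51.100.20", 80),
    (1010, "10.0.0.12", "198.51.100.99", 80),
]

KNOWN_GOOD = {"198.51.100.99"}  # hypothetical allowlist of sanctioned services

def candidate_c2(flows, min_hosts=3, max_jitter=0.1, min_events=4):
    """Return {(dst, port): [hosts]} where many hosts check in at steady intervals."""
    times = defaultdict(lambda: defaultdict(list))
    for ts, src, dst, port in flows:
        if dst not in KNOWN_GOOD:
            times[(dst, port)][src].append(ts)

    findings = {}
    for endpoint, per_host in times.items():
        regular = []
        for src, stamps in per_host.items():
            if len(stamps) < min_events:
                continue  # too few connections to judge timing
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            # Coefficient of variation: a low value means machine-like timing.
            if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_jitter:
                regular.append(src)
        # Fan-in: a single endpoint serving several regularly calling hosts.
        if len(regular) >= min_hosts:
            findings[endpoint] = sorted(regular)
    return findings

if __name__ == "__main__":
    for (dst, port), hosts in candidate_c2(FLOWS).items():
        print(f"{dst}:{port} contacted on a fixed schedule by {hosts}")
```

The same fan-in signal largely disappears with the peer-to-peer and hybrid designs mentioned above, because no single endpoint receives every bot's check-ins.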

For example, the Zeus malware — one of the most popular cyberattacks of all time — used a P2P botnet to infect millions of devices and take over the machines’ CPU power for stealing bank account numbers and other sensitive data. Other types of botnets have been used to spread ransomware like CryptoLocker, as well as to generate fake clicks on online ads for financial gain.