What is a Botnet?
A botnet is a network of Internet-connected devices that have been infected with malware and come under the control of a threat actor. The devices—called bots, or zombies—can be used to perform illegal tasks such as spam email generation, click fraud campaigns, or to generate malicious traffic for distributed denial-of-service (DDoS) attacks. The attacker, known as a bot herder, can orchestrate these tasks from a central location.
Once the hacker has infected a device, they can control it remotely using botnet malware, often without the device's owner ever noticing. This malware is typically hidden inside rogue applications or spreads through security vulnerabilities in a worm-like fashion. Once installed, it polls for commands from a command and control (C2) server, or from other sources such as data posted on websites, social media channels, or DNS responses. When a command arrives, the bots carry it out.
Most traditional botnets use a client-server model in which each infected computer, or bot, connects to a C2 resource such as a web domain or an Internet Relay Chat (IRC) channel. These connections allow the attacker to send automated commands to every bot. Because such centralized resources are relatively easy to take down, attackers have moved away from them in favor of a peer-to-peer approach that borrows components of P2P file-sharing protocols to control infected bots.
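The regular polling of a central C2 server described above is something a defender can look for in outbound connection logs. The following detector is an added example, not code from the original page; it assumes a constructed log in a `timestamp src dst:port` format and flags (source, destination) pairs whose connection gaps are too regular to be human-driven.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: "<ISO timestamp> <src ip> <dst ip>:<port>".
# 10.0.0.5 -> 203.0.113.7 polls every ~60 s with small jitter (bot-like);
# 10.0.0.8 -> 198.51.100.2 is bursty, human-like browsing.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.7:443
2024-05-01T10:01:01 10.0.0.5 203.0.113.7:443
2024-05-01T10:02:00 10.0.0.5 203.0.113.7:443
2024-05-01T10:03:02 10.0.0.5 203.0.113.7:443
2024-05-01T10:04:00 10.0.0.5 203.0.113.7:443
2024-05-01T10:00:05 10.0.0.8 198.51.100.2:443
2024-05-01T10:00:09 10.0.0.8 198.51.100.2:443
2024-05-01T10:07:40 10.0.0.8 198.51.100.2:443
2024-05-01T10:08:00 10.0.0.8 198.51.100.2:443
2024-05-01T10:31:12 10.0.0.8 198.51.100.2:443
"""

def parse_log(text):
    """Group connection times (epoch seconds) by (src, dst:port) pair."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            conns[(src, dst)].append(datetime.fromisoformat(ts).timestamp())
    return conns

def find_beacons(conns, min_conns=5, max_cv=0.1):
    """Flag pairs whose gaps between connections are suspiciously regular.

    cv = stdev(gaps) / mean(gaps): a fixed-timer poll with little jitter
    gives cv near 0; interactive traffic is bursty and scores far higher.
    """
    findings = {}
    for pair, times in conns.items():
        if len(times) < min_conns:      # too few samples to judge regularity
            continue
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        cv = statistics.pstdev(gaps) / mean if mean > 0 else 0.0
        if cv <= max_cv:
            findings[pair] = {"interval_s": round(mean), "cv": round(cv, 3), "count": len(times)}
    return findings

if __name__ == "__main__":
    for (src, dst), info in find_beacons(parse_log(SAMPLE_LOG)).items():
        print(f"possible beacon {src} -> {dst}: every ~{info['interval_s']} s, cv={info['cv']}")
```

Real bots often add deliberate jitter, so in practice the threshold is tuned against a baseline of known-good traffic rather than fixed at 0.1.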
Peer-to-peer botnets can be harder to detect and mitigate because the infected devices communicate directly with one another rather than connecting to a central C2 server, so there is no single resource to block or take down. As a result, they are more likely to remain undetected for longer.