What is a Botnet?
A botnet is a network of Internet-connected devices (computers, phones, routers and other IoT equipment) that have been infected with malware and are remotely controlled by an attacker. The operator, known as a bot herder, commands the infected machines in unison to carry out malicious activity at scale: sending spam, distributing ransomware and other malware, and launching DDoS (distributed denial-of-service) attacks. The owners of the devices are usually unaware that their hardware is taking part.
Devices are recruited into the botnet through the usual malware infection vectors: drive-by web downloads, exploit kits, malicious pop-up ads, trojanised software updates and email attachments. The payload installs a bot client that acts as a remote access trojan (RAT), giving the attacker a persistent backdoor through which the machine can be controlled. Once in control, the attacker can push additional malware to the compromised machine for specific tasks, such as spyware, keyloggers or ransomware.
Botnets use either a centralized or a decentralized command structure. In the centralized model, each bot connects to a command-and-control (C2) server to check in and fetch new instructions, which makes that server a single point of failure for the whole botnet. In the more advanced decentralized model, the bot herder publishes commands at some entry point into the network and the infected machines, called zombies, spread them among themselves over peer-to-peer connections, so no single server has to stay up for the botnet to keep working.
Attackers use botnets to automate large-scale criminal activity that would be impractical to carry out from their own machines: the aggregate bandwidth and computing power of thousands of devices is what makes it possible to harvest data at scale, disrupt services and knock even very large, well-resourced sites offline. Because the command infrastructure is what turns a collection of infected machines into a usable weapon, system administrators and law enforcement concentrate on identifying and shutting down (or sinkholing) the botnet's command servers.
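The following toy model illustrates the two command structures described above and why the takedown focus differs between them. It is an added example written for this page, not code from the original article or from any real botnet; the six bot names, their peer lists and the command string are constructed for the illustration and nothing here touches a network. In the centralized model, every bot fetches instructions from one C2 server, so taking that server offline stops all delivery. In the peer-to-peer model, commands are relayed bot to bot, and the survey function shows that removing any single bot still leaves every remaining bot reachable.

```python
"""Toy model of the two botnet command topologies described above.

Added illustration, not code from the original article. The bot names,
peer lists and command text are constructed for the example; nothing
here talks to a real network.
"""
from collections import deque

# Constructed example: six infected machines.
BOT_IDS = ["bot1", "bot2", "bot3", "bot4", "bot5", "bot6"]

# Peer lists for the decentralized layout. Each bot knows two others and the
# links form a ring, so no single bot is a cut point of the overlay.
PEER_LISTS = {
    "bot1": {"bot2", "bot3"},
    "bot2": {"bot1", "bot4"},
    "bot3": {"bot1", "bot5"},
    "bot4": {"bot2", "bot6"},
    "bot5": {"bot3", "bot6"},
    "bot6": {"bot4", "bot5"},
}


def deliver_centralized(bot_ids, command, c2_online=True):
    """Centralized model: every bot checks in with one C2 server.

    Returns {bot_id: command} for each bot that received the instruction.
    If the C2 server has been seized or sinkholed (c2_online=False), no bot
    has anywhere to fetch instructions from and nothing is delivered.
    """
    if not c2_online:
        return {}
    return {bot_id: command for bot_id in bot_ids}


def deliver_p2p(peer_lists, inject_at, command, removed=frozenset()):
    """Decentralized model: the herder hands the command to one or more bots
    and each bot relays it to its peers (breadth-first gossip).

    `removed` holds bots that have been cleaned up or cut off; they neither
    receive nor relay. Returns {bot_id: command} for every bot reached.
    """
    delivered = {}
    queue = deque(bot for bot in inject_at if bot not in removed)
    while queue:
        bot = queue.popleft()
        if bot in delivered:
            continue
        delivered[bot] = command
        for peer in peer_lists.get(bot, ()):
            if peer not in removed and peer not in delivered:
                queue.append(peer)
    return delivered


def single_node_takedown_survey(peer_lists):
    """For each bot, remove it and re-inject a command at a surviving bot.

    Returns {removed_bot: number of surviving bots still reached}. A value of
    len(peer_lists) - 1 everywhere means no single takedown isolates any
    part of the overlay.
    """
    results = {}
    for victim in sorted(peer_lists):
        survivors = sorted(b for b in peer_lists if b != victim)
        reached = deliver_p2p(peer_lists, survivors[:1], "ping", removed={victim})
        results[victim] = len(reached)
    return results


if __name__ == "__main__":
    cmd = "flood 203.0.113.10:443"  # constructed command; documentation-range address

    print("centralized, C2 up:   ", sorted(deliver_centralized(BOT_IDS, cmd)))
    print("centralized, C2 down: ", sorted(deliver_centralized(BOT_IDS, cmd, c2_online=False)))
    print("p2p, inject at bot1:           ", sorted(deliver_p2p(PEER_LISTS, ["bot1"], cmd)))
    print("p2p, bot1 removed, inject bot2:", sorted(deliver_p2p(PEER_LISTS, ["bot2"], cmd, removed={"bot1"})))
    print("p2p, bots reached after removing each single bot:", single_node_takedown_survey(PEER_LISTS))
```

The model deliberately leaves out one detail that matters in practice: real peer-to-peer botnets sign their commands with the herder's private key, so a defender who has reverse-engineered the protocol cannot simply inject an "uninstall" message into the overlay. That is why decentralized botnets are usually dismantled by sinkholing and poisoning the bots' peer lists rather than by seizing a server, while a centralized botnet collapses as soon as its C2 server (or the domain pointing at it) is taken over.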