BotNet News

Your source for Online Security News

A botnet is a network of internet-connected devices (PCs, servers, mobile devices and Internet of Things (IoT) devices) that have been infected with malware and are controlled by threat actors. Cybercriminals use these enslaved devices for various malicious purposes, including sending spam emails, clicking on ads to commit ad fraud and carrying out distributed denial-of-service (DDoS) attacks.

The hacker who controls a botnet, also known as a bot-herder or botmaster, typically sends commands to the bots to execute an attack. The infected bots remain dormant until they receive a command from their bot-herder or from the command server of a client-server-based botnet. Once the command is received, the bots start performing tasks such as stealing personal data, reading and writing system information, monitoring user activities, launching DDoS attacks, crypto mining, spreading spam and more.

These bots are programmed to stay hidden from the owner of the device and even from the operating system processes that check for suspicious software. For this reason, it can be challenging to determine if your device is part of a botnet.

First-generation bots operated on a client-server model that involved direct communication between a command-and-control (C&C) server and all the infected devices. This centralized approach left them susceptible to being exposed and taken down. More advanced bots operate on a P2P model that uses a decentralized approach to control infected bots. To communicate, a P2P bot discreetly probes random IP addresses until it finds another infected device and shares updated commands.
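
The random-IP probing described above leaves a trace a defender can look for in flow logs: one internal host contacting many unrelated addresses, with most attempts failing. The following is an added example, not code from this page; the flow record layout, the `EST`/`FAIL` state labels, the thresholds and all addresses are constructed assumptions.

```python
from collections import defaultdict

def p2p_probe_suspects(flows, min_peers=20, min_prefixes=10, min_fail_ratio=0.8):
    """Flag sources that contact many scattered destinations and mostly fail.

    flows: iterable of (src_ip, dst_ip, state), state "EST" or "FAIL" (assumed labels).
    """
    peers, prefixes = defaultdict(set), defaultdict(set)
    total, failed = defaultdict(int), defaultdict(int)
    for src, dst, state in flows:
        peers[src].add(dst)
        prefixes[src].add(".".join(dst.split(".")[:2]))  # destination /16
        total[src] += 1
        failed[src] += state != "EST"
    suspects = {}
    for src in total:
        ratio = failed[src] / total[src]
        # All three signals must hold: wide fan-out, scattered prefixes, mostly failures.
        if (len(peers[src]) >= min_peers
                and len(prefixes[src]) >= min_prefixes
                and ratio >= min_fail_ratio):
            suspects[src] = {"peers": len(peers[src]),
                             "prefixes": len(prefixes[src]),
                             "fail_ratio": round(ratio, 2)}
    return suspects

def sample_flows():
    """Constructed sample data: three internal hosts with different behaviour."""
    flows = []
    # 10.0.0.23: 40 scattered destinations, only every tenth attempt connects.
    for i in range(40):
        dst = f"{(i * 37) % 200 + 11}.{(i * 91) % 256}.{(i * 53) % 256}.{(i * 17) % 254 + 1}"
        flows.append(("10.0.0.23", dst, "EST" if i % 10 == 0 else "FAIL"))
    # 10.0.0.7: wide fan-out but every connection succeeds (ordinary browsing).
    for i in range(30):
        flows.append(("10.0.0.7", f"{20 + i * 3}.{i}.0.80", "EST"))
    # 10.0.0.5: repeated contact with a single server (client-server pattern).
    for _ in range(30):
        flows.append(("10.0.0.5", "203.0.113.10", "EST"))
    return flows

if __name__ == "__main__":
    for host, stats in p2p_probe_suspects(sample_flows()).items():
        print(host, stats)
```

Only the first host is flagged; the single-server host is not, so centralized C&C traffic needs a separate check.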