What is a Botnet?
A botnet is a network of hijacked internet-connected devices infected with malware and remotely controlled by a hacker or cybercriminal (the bot herder) to perform malicious activities. A botnet can be used to attack computer systems, IoT devices, and any other device that connects to the internet. Botnets are commonly used to launch large-scale cyber attacks such as DDoS, mass email spam, ransomware, phishing, and targeted intrusions.
Bots are programmed to remain dormant until instructed by the bot herder via a command and control server. These servers can communicate with the infected bots through file sharing, email or social media application protocols. Once the commands are received, they are relayed to the bots to execute on the infected system. Once the bots complete the command, they report back to the herder. Bot herders can amass thousands or even millions of devices, known as bots, in a botnet for cyberattacks. Often, the bots are self-propagating and recruit new bots by exploiting website vulnerabilities, using Trojan horse malware or cracking weak authentication.
Because they are controlled by remote human intelligence, bots can be far more effective than traditional malicious executables. They can also be updated to evade detection by antivirus and antimalware software, or even change their function, making them difficult to stop. Because of this, many security professionals focus on disabling bots by identifying and closing down the command centers that control them. This approach is more effective than attacking individual bots, but requires law enforcement cooperation and resources.