BotNet News

Your source for Online Security News

A botnet is a network of hijacked computers, servers, laptops, mobile devices and internet-of-things (IoT) gadgets infected with malware that can be remotely controlled by a threat actor. The bad actors can use the compromised devices to carry out malicious functions, including sending spam emails, engaging in click fraud and generating traffic for distributed denial-of-service attacks.

The bots that comprise a botnet perform automated tasks that remain hidden from the device users. For example, ad fraud bots are programmed to redirect web browsers from legitimate sites to fraudulent ones. They may also be able to steal login credentials for bank accounts, email services and social media networks.

Threat actors usually infect the devices in a botnet with malware delivered by exploiting software and website vulnerabilities, through phishing techniques, or through Trojan horse programs that look authentic but contain malicious code. Once the devices are infected, they can stay dormant for months or even years, waiting for the right time to be activated and used for cybercrime activities.

Bots typically communicate with a control server run by the botnet’s operator (known as a bot herder) to receive instructions and share data with other enslaved devices. But recent research shows that hacker groups have been experimenting with peer-to-peer (P2P) botnets, where the herder’s commands go directly to the bots without going through a central server. This makes it more difficult for cybersecurity vendors and law enforcement agencies to track and disrupt the botnets. For that reason, it’s important to understand how botnets work and the ways they can be detected.
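
How the two layouts look different in network flow records is sketched below. This is an added example, not part of the original article; the flow records, address ranges, allowlist and thresholds are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")   # assumed internal address space
ALLOWLIST = {"203.0.113.10"}          # constructed: a known-good external service


def is_internal(addr):
    return ip_address(addr) in INTERNAL


def summarize(flows):
    """Index internal->external flows whose destination is not on the allowlist."""
    fan_in = defaultdict(set)    # external dst -> internal hosts that contacted it
    fan_out = defaultdict(set)   # internal src -> external dsts it contacted
    for src, dst in flows:
        if is_internal(src) and not is_internal(dst) and dst not in ALLOWLIST:
            fan_in[dst].add(src)
            fan_out[src].add(dst)
    return fan_in, fan_out


def shared_destinations(flows, min_hosts=3):
    """Central-server pattern: one unlisted endpoint contacted by many internal hosts."""
    fan_in, _ = summarize(flows)
    return sorted(d for d, hosts in fan_in.items() if len(hosts) >= min_hosts)


def high_fanout_hosts(flows, min_peers=4):
    """P2P pattern: an internal host contacting many distinct unlisted peers."""
    _, fan_out = summarize(flows)
    return sorted(h for h, peers in fan_out.items() if len(peers) >= min_peers)


# Constructed sample flows as (src, dst); external hosts use documentation ranges.
CENTRALIZED = [(f"10.0.0.{i}", "198.51.100.7") for i in range(1, 5)] + \
              [(f"10.0.0.{i}", "203.0.113.10") for i in range(1, 5)]
P2P = [(f"10.0.0.{i}", f"192.0.2.{i * 10 + j}") for i in range(1, 4) for j in range(5)]

if __name__ == "__main__":
    # Central server: a single shared destination stands out and can be blocked once.
    print("centralized:", shared_destinations(CENTRALIZED), high_fanout_hosts(CENTRALIZED))
    # P2P: no shared destination exists, so only per-host fan-out is visible.
    print("p2p:        ", shared_destinations(P2P), high_fanout_hosts(P2P))
```

Fan-out alone also matches browsers and legitimate P2P software, so on real traffic these counts are a starting point for triage that depends on a well-maintained allowlist.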