What is a Botnet?
A botnet is a network of devices (computers, tablets and mobile phones) infected with malware and controlled by hackers. Attackers use them to execute a range of malicious activities, including cryptocurrency mining, data theft, sabotage of services and sites, cyberattacks such as distributed denial-of-service attacks (DDoS), and spamming and phishing. Bots can also be used to spy on people’s internet activity and gather information such as usernames and passwords for online accounts.
A cybercriminal, known as a “bot herder” or “bot master,” controls a botnet via a command and control (C&C) server. Once malware has infected a computer, it will report back to the C&C server to await instructions on which activities to perform.
Commands are usually delivered through a communications protocol such as Internet Relay Chat (IRC), email, file sharing application protocols, or social media application protocols. Once a bot has received its commands, it will act according to those instructions, and will also report back to the C&C server about the results of those actions.
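The check-in loop described above (a bot polls the C&C server, acts, and reports back) leaves a trace in proxy or firewall logs: connections from one host to one destination at a near-constant interval. As an added example that is not part of the original article, the following Python script flags such regular "beaconing" over a constructed log; the log format, hostnames and thresholds are assumptions.

```python
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample proxy log ("timestamp src dst bytes"); hostnames and
# addresses are placeholders, not real indicators.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 updates.example.org 512
2024-05-01T10:00:02 10.0.0.7 news.example.com 8120
2024-05-01T10:05:00 10.0.0.5 updates.example.org 498
2024-05-01T10:05:40 10.0.0.7 news.example.com 15002
2024-05-01T10:09:59 10.0.0.5 updates.example.org 510
2024-05-01T10:15:00 10.0.0.5 updates.example.org 505
2024-05-01T10:17:25 10.0.0.7 news.example.com 2311
2024-05-01T10:20:00 10.0.0.5 updates.example.org 499
2024-05-01T10:44:02 10.0.0.7 news.example.com 9100
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    conns = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst, _size = line.split()
        conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(text, min_hits=4, max_jitter=0.1):
    """Return (src, dst, mean_interval_seconds) for pairs whose connections
    are both numerous and evenly spaced. A low relative spread of the
    inter-arrival times is the signature of a bot polling on a timer;
    human browsing (10.0.0.7 above) is bursty and is not flagged."""
    results = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        spread = statistics.pstdev(gaps) / mean if mean else 0.0
        if spread <= max_jitter:
            results.append((src, dst, round(mean, 1)))
    return results


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"possible beacon: {src} -> {dst} every {interval}s")
```

Real bots often add random jitter to the interval, so in production the `max_jitter` threshold is tuned per environment and combined with other signals (destination reputation, byte counts, time of day) rather than used alone.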
Hackers and criminals have developed botnets with two basic structures: client-server, where bots take orders from a central C&C server, and peer-to-peer, where bots relay commands among themselves. They’ve also made bot malware increasingly polymorphic, changing its code with each new copy, which makes it more difficult for traditional signature-based anti-virus/anti-malware solutions to detect.
Attackers use different types of malware to infect internet-connected devices and turn them into bots. The most common is ransomware, which encrypts a victim’s files and demands a payment from the victim to unlock them. Another popular type of botnet is Mirai, which targets Linux-based IoT devices such as routers and cameras and uses them to perform DDoS attacks on websites and critical services like DNS.