BotNet News

Your source for Online Security News

A botnet is a network of devices, including PCs, servers, smartphones and even Internet of Things (IoT) devices, that are infected with malicious code that enables bad actors to perform multiple tasks, including sending spam emails, conducting click fraud campaigns or generating traffic for distributed denial-of-service attacks. Cybercriminals gain admin-like access to these devices, known as bots, using remote administration tools. Users may notice that their device is infected with botnet malware when they experience excessive bandwidth consumption or a sudden drop in Internet speed.

The attacker, or bot herder, creates a botnet by infecting multiple machines with malware, which can be spread through phishing emails, fake software update websites, compromised apps in app stores or malware downloaders. Once infected, the bots remain dormant until instructed to perform a malicious activity or a cyberattack. Bots often monitor for instructions from a command-and-control (C&C) server over a communications protocol, such as Internet Relay Chat or DNS queries.
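Because a dormant bot keeps checking in with its C&C server, the check-ins themselves are something defenders can look for. The following is an added example, not part of the original article: it flags clients in a DNS resolver log that query the same name at near-constant intervals. The log format, thresholds and sample hostnames are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample resolver log: "<epoch_seconds> <client_ip> <queried_name>"
SAMPLE_LOG = """\
1000 10.0.0.5 updates.example-cdn.test
1003 10.0.0.7 www.example.test
1060 10.0.0.5 updates.example-cdn.test
1075 10.0.0.7 mail.example.test
1121 10.0.0.5 updates.example-cdn.test
1180 10.0.0.5 updates.example-cdn.test
1190 10.0.0.7 www.example.test
1241 10.0.0.5 updates.example-cdn.test
1300 10.0.0.5 updates.example-cdn.test
1410 10.0.0.7 www.example.test
1900 10.0.0.7 www.example.test
"""

def parse(log_text):
    """Group query timestamps by (client, name); skip malformed lines."""
    series = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        series[(parts[1], parts[2].lower().rstrip("."))].append(int(parts[0]))
    return series

def find_beacons(log_text, min_queries=5, max_jitter=0.1):
    """Return (client, name, mean_gap) where gaps vary little (stdev/mean <= max_jitter)."""
    hits = []
    for (client, name), times in parse(log_text).items():
        if len(times) < min_queries:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, name, round(avg, 1)))
    return sorted(hits)

if __name__ == "__main__":
    for client, name, interval in find_beacons(SAMPLE_LOG):
        print(f"{client} polls {name} every ~{interval}s")
```

Legitimate software such as update checkers also polls on a timer, so a hit is a lead to investigate against known-good destinations rather than proof of infection.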

The bot herder can manage the bots remotely, and some use centralized client-server botnet models in which a single server controls all clients. However, security agencies have cracked down on these centralized C&C servers, and many cybercriminals now use decentralized peer-to-peer botnet models that are harder to locate or shut down. To maintain and grow a botnet, the herder can also update the malware running on the bots or recruit new ones through existing infected machines. Recruited bots can then communicate with each other to find and steal data, search for vulnerabilities and attack other systems.