BotNet News

Your source for Online Security News

A botnet is a network of computers or Internet of Things (IoT) devices that have been infected with malware and put under the control of a malicious actor. The malicious actor, often referred to as the bot-herder, uses the compromised devices to perform automated tasks like sending spam, collecting keystrokes, performing form grabbing for online credentials and carrying out DDoS attacks. The bots are commanded via a command and control (C&C) server that is used to communicate with the infected devices and instruct them on what to do.

Cybercriminals use botnets for profit, from stealing data and deploying ransomware to participating in DDoS attacks. Hiring a botnet through attack-for-hire services is relatively inexpensive and can cause significant damage with little effort on the part of the bot-herder.

First-generation botnets typically operate on a client/server model: a centralized C&C server communicates directly with each device. Newer botnets use a decentralized peer-to-peer (P2P) system. Bots discreetly scan random IP addresses for other infected bots and communicate with them over P2P networks to share updates on their software versions and to request commands.

Because of their decentralized structure, these newer botnets are more difficult for cybersecurity vendors and law enforcement agencies to locate and shut down. The bots can also hide the true origin of their C&C servers to avoid detection.

A sudden increase in data usage or unexplained application errors may indicate that a botnet is operating on your device. In addition, your device might feel hot even when you’re not actively using it, because the malware is working overtime to send and receive data for activities like cryptocurrency mining or spam delivery.
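
Two of the indicators described above can be checked from network flow records: a device contacting many random IP addresses that mostly do not answer, and a sudden increase in outbound data. The following is an added example, not code from the original page; the record layout, internal address range, thresholds, and all sample flows and baselines are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for illustration; none of them come from the article.
INTERNAL = ip_network("10.0.0.0/8")  # hypothetical internal address space
MIN_PEERS = 20      # distinct external destinations per window
MAX_SUCCESS = 0.3   # random scanning mostly hits hosts that never answer
SPIKE_FACTOR = 5.0  # window bytes_out versus the host's own baseline

def summarize(flows):
    """Aggregate outbound stats per source for one time window."""
    stats = defaultdict(lambda: {"peers": set(), "ok": 0, "total": 0, "bytes": 0})
    for src, dst, nbytes, connected in flows:
        if ip_address(dst) in INTERNAL:
            continue  # only traffic leaving the network is scored
        s = stats[src]
        s["peers"].add(dst)
        s["total"] += 1
        s["ok"] += int(connected)
        s["bytes"] += nbytes
    return stats

def flag_hosts(flows, baseline_bytes):
    """Return {host: [reasons]} for hosts matching either indicator."""
    findings = {}
    for host, s in summarize(flows).items():
        reasons = []
        if len(s["peers"]) >= MIN_PEERS and s["ok"] / s["total"] <= MAX_SUCCESS:
            reasons.append("random-ip-scan")
        base = baseline_bytes.get(host)
        if base and s["bytes"] >= SPIKE_FACTOR * base:
            reasons.append("data-usage-spike")
        if reasons:
            findings[host] = reasons
    return findings

def sample_flows():
    """Constructed records: (src, dst, bytes_out, connected)."""
    flows = [("10.0.0.5", f"198.51.100.{i}", 60, i % 10 == 0) for i in range(1, 31)]
    flows += [("10.0.0.7", "203.0.113.10", 1000, True)] * 40   # ordinary client
    flows += [("10.0.0.7", "10.0.0.1", 500, True)]             # internal, skipped
    flows += [("10.0.0.9", "203.0.113.20", 2_000_000, True)] * 3  # heavy sender
    return flows

BASELINE = {"10.0.0.5": 1500, "10.0.0.7": 35_000, "10.0.0.9": 500_000}  # constructed

if __name__ == "__main__":
    for host, reasons in flag_hosts(sample_flows(), BASELINE).items():
        print(host, reasons)
```

Either flag is a reason to look at the device more closely, not proof of infection: backups, software updates and legitimate P2P applications can produce the same patterns.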