What is a Botnet?
A botnet is a group of computers or Internet of Things (IoT) devices infected with malware that allows a cybercriminal to control them remotely. The malicious software is programmed to communicate with a central server or bot master through covert channels to receive instructions; this communication is known as command and control (C&C). The attacker, also known as a bot herder, can then use the network of infected devices, the botnet, to perform automated attacks that steal sensitive data or disrupt online services and websites.
Generally, an attacker builds a botnet to achieve specific objectives or for financial gain. These include launching Distributed Denial of Service (DDoS) attacks that flood target servers with traffic, harvesting credentials through form grabbing and brute-force attacks, or injecting malware into systems. The attacker can also rent the botnet out for DDoS attacks for hire or sell access to the compromised devices on the dark web.
Most botnets begin with a user unknowingly installing malware through phishing emails or drive-by downloads, or with the attacker exploiting vulnerabilities in software applications and IoT equipment. The malware infects the device and opens a backdoor that is used to reach further systems and networks. Some botnets, like the Mirai botnet that significantly disrupted internet service in 2016, are large and comprise many different types of devices.
Older, centralized botnet models require the bot herder to maintain a direct connection to each infected device, typically through pre-configured Internet Relay Chat (IRC) servers and channels or HTTP web domains. Because a single point of failure makes this model easy to disrupt, most bot herders have moved towards decentralized models that embed the instructions into the botnet malware itself.
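The centralized C&C pattern described above has a defensive upside: a bot that checks in with a fixed server on a fixed schedule produces a regular "heartbeat" in connection logs. The following is an added example, not code from the original page, showing one way to surface that pattern. It parses a constructed connection log (timestamp, source host, destination IP, destination port), flags flows whose inter-connection intervals are nearly constant, and separately lists connections to the well-known IRC ports. The log lines, the thresholds (`min_connections`, `max_jitter`) and the port list are assumptions chosen for illustration.

```python
"""Heuristic C&C beacon detection over constructed connection logs (added example)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines, not from any real environment.
# Format: ISO timestamp, source host, destination IP, destination port.
# 10.0.0.5 checks in every ~5 minutes on an IRC port; 10.0.0.9 browses irregularly.
SAMPLE_LOG = """\
2024-03-01T10:00:00 10.0.0.5 203.0.113.7 6667
2024-03-01T10:05:00 10.0.0.5 203.0.113.7 6667
2024-03-01T10:10:01 10.0.0.5 203.0.113.7 6667
2024-03-01T10:15:00 10.0.0.5 203.0.113.7 6667
2024-03-01T10:20:00 10.0.0.5 203.0.113.7 6667
2024-03-01T10:01:13 10.0.0.9 198.51.100.20 443
2024-03-01T10:07:45 10.0.0.9 198.51.100.20 443
2024-03-01T10:31:02 10.0.0.9 198.51.100.20 443
2024-03-01T10:32:10 10.0.0.9 198.51.100.20 443
2024-03-01T11:10:00 10.0.0.9 198.51.100.21 443
"""

# Standard IRC ports (plaintext and TLS); an assumption for this example, since
# real C&C may use any port.
IRC_PORTS = {6667, 6697}


def parse_log(text):
    """Turn the whitespace-separated log into (datetime, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def find_beacons(events, min_connections=4, max_jitter=0.2):
    """Return (src, dst, port, mean_interval_seconds) for periodic flows.

    A flow is flagged when it has at least `min_connections` events and the
    population standard deviation of its inter-arrival times is no more than
    `max_jitter` times the mean interval: the regular heartbeat of a bot
    polling a centralized C&C server. Thresholds are illustrative assumptions.
    """
    flows = defaultdict(list)
    for ts, src, dst, port in events:
        flows[(src, dst, port)].append(ts)

    hits = []
    for key, times in flows.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(later - earlier).total_seconds()
                for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((*key, avg))
    return hits


def find_irc_destinations(events):
    """List distinct (src, dst, port) flows that use a well-known IRC port."""
    return sorted({(src, dst, port) for _, src, dst, port in events
                   if port in IRC_PORTS})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    for src, dst, port, interval in find_beacons(evts):
        print(f"beacon: {src} -> {dst}:{port} every ~{interval:.0f}s")
    for src, dst, port in find_irc_destinations(evts):
        print(f"irc:    {src} -> {dst}:{port}")
```

The jitter check is deliberately loose: bot authors often add a little randomness to check-in timing, so a ratio of standard deviation to mean is more robust than looking for identical intervals. Legitimate software (update checks, monitoring agents) also beacons, so output like this is a lead for triage against an allowlist, not a verdict on its own.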