Botnet-as-a-Service
A botnet is a network of devices, including computers, smartphones, and Internet of Things (IoT) devices, infected with malware that allows an attacker to control them remotely. Once compromised, the devices, also known as zombies, silently connect to the attacker's central server, the Command and Control (C&C) server, where they await commands. Those commands can include launching DDoS attacks, sending spam, stealing data, harvesting credentials, cryptojacking, or other tasks. Operators often rent out botnets to others for profit as part of the malware business, a model commonly called Botnet-as-a-Service.
Cybercriminals can infect devices with botnet malware in several ways, such as through phishing emails, by exploiting vulnerabilities in software or devices, or by using scanning tools to find exposed systems. Once a device is infected, it connects to the C&C servers over protocols that corporate firewalls typically allow and that antivirus software does not block. Botnet malware usually encrypts its C&C communications to avoid detection.
Most early botnets used a client/server model, in which a single server acts as the bot-herder and communicates directly with each infected device. Because this centralized model can expose the bot-herder, modern attackers are moving to peer-to-peer (P2P) botnet structures.
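Defender-side detection of the check-in behaviour described above, as an added example that is not part of the original article: it scans a constructed firewall log for hosts that contact one destination at near-constant intervals, the signature of a bot polling its C&C server for commands. The log layout, field names and thresholds are assumptions, not a real product format.

```python
# Added example: flag (src, dst, port) flows whose connection gaps are nearly
# uniform, i.e. scheduled check-ins rather than human-driven traffic.
# The log format below is constructed for this example (an assumption).
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample firewall log: epoch_seconds src_ip dst_ip dst_port
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.9 443
1700000060 10.0.0.5 203.0.113.9 443
1700000120 10.0.0.5 203.0.113.9 443
1700000180 10.0.0.5 203.0.113.9 443
1700000240 10.0.0.5 203.0.113.9 443
1700000300 10.0.0.5 203.0.113.9 443
1700000005 10.0.0.7 198.51.100.20 443
1700000090 10.0.0.7 198.51.100.20 443
1700000097 10.0.0.7 198.51.100.20 443
1700000400 10.0.0.7 198.51.100.20 443
1700000900 10.0.0.7 198.51.100.20 443
"""

def parse_log(text):
    """Group connection timestamps by (src_ip, dst_ip, dst_port)."""
    flows = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        flows[(src, dst, int(port))].append(int(ts))
    return flows

def find_beacons(flows, min_events=5, max_jitter=0.2):
    """Return (flow, mean_gap, jitter) for flows with at least min_events
    connections whose gap jitter (pstdev / mean) is at or below max_jitter.
    Low jitter over many events indicates a timer-driven check-in."""
    hits = []
    for key, times in flows.items():
        if len(times) < min_events:
            continue
        times = sorted(times)
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        jitter = pstdev(gaps) / avg
        if jitter <= max_jitter:
            hits.append((key, round(avg, 1), round(jitter, 3)))
    return hits
```

Legitimate agents (update checks, telemetry, NTP) also beacon on a timer, so treat hits as leads to triage against an allow-list of known destinations, not as verdicts.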
Signs that a device might be infected with botnet malware include sluggish performance, unusual system activity, frequent crashes or blue screens, unexplained application errors, or high CPU or memory usage without an apparent cause. If you notice these signs, the device may be working overtime for a botnet, sending and receiving data or participating in DDoS attacks, which strains the processor and battery and can cause overheating.