What is a Botnet?
A botnet is a network of infected devices, called bots, under the control of malicious actors known as bot-herders. Attackers exploit vulnerable software and devices, or use social engineering, to infect devices with botnet malware. The infected devices are then used to carry out attacks, often without the device owner’s knowledge. Botnets are used for a variety of illicit activities, including spamming, click fraud, ransomware distribution, distributed denial-of-service (DDoS) attacks and more.
Once infected, devices are controlled remotely by the bot-herder. Herders recruit bots using a variety of methods, including exploiting vulnerabilities in software or hardware, social engineering, and automated scanning tools. Once recruited, bots wait to receive instructions from the herder through a command and control infrastructure. That infrastructure can be centralized (the client-server model) or decentralized (the peer-to-peer, P2P, model).
Centralized botnets rely on one central server to send instructions to the bots. This model is simple for attackers to deploy; however, it has a single point of failure: if the command-and-control (C&C) server is disrupted, the entire botnet can fall apart.
The P2P model eliminates this centralized drawback by enabling each bot to act as a client and a server simultaneously, so there is no single server whose removal disables the network. P2P botnets are therefore harder to identify and dismantle. P2P bots also conceal their communication pathways: they obfuscate the data they transfer, use polymorphic code to defeat static signatures, and locate peers or C&C hosts through domain generation algorithms (DGAs) rather than fixed addresses. As a result, they are more difficult for signature-based antivirus and traditional network security hardware to detect, which makes them a threat that is difficult to eradicate.
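Because DGA-generated names look random rather than like words, a defender can often spot them in resolver logs by scoring the queried label on entropy, vowel ratio, digit ratio, consonant runs and length, then looking for clients that repeatedly query high-scoring names. The following is an added example written for this page, not code from the article; the log lines, the log format (`timestamp client qname`), the feature thresholds and the helper names (`dga_score`, `flag_suspicious`, `clients_by_hits`) are all assumptions. It is a heuristic triage aid, not a replacement for a trained DGA classifier or threat-intelligence feeds.

```python
import math
import re
from collections import Counter

# Constructed sample resolver log (not from the article). Format assumed:
# "<timestamp> <client-ip> <queried-name>". Client 10.0.0.9 queries
# three random-looking names, which is the pattern a DGA leaves behind.
SAMPLE_DNS_LOG = """\
2024-01-01T10:00:01Z 10.0.0.5 www.example.com
2024-01-01T10:00:02Z 10.0.0.5 mail.google.com
2024-01-01T10:00:03Z 10.0.0.7 cdn.wikipedia.org
2024-01-01T10:00:04Z 10.0.0.9 xq7zk2vbn9fj3wlp.net
2024-01-01T10:00:05Z 10.0.0.9 a1b2c3d4e5f6g7h8.com
2024-01-01T10:00:06Z 10.0.0.9 rlwpqkzxjvbtmgf.org
2024-01-01T10:00:07Z 10.0.0.5 updates.microsoft.com
"""

LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qname>\S+)$")
CONSONANT_RUN_RE = re.compile(r"[b-df-hj-np-tv-z]+")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random strings score near log2(alphabet size)."""
    counts = Counter(s)
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def registrable_label(qname: str) -> str:
    """Second-level label, e.g. 'example' from 'www.example.com'.
    Simplification: multi-part public suffixes such as co.uk are not handled."""
    parts = qname.strip(".").lower().split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_features(qname: str) -> dict:
    label = registrable_label(qname)
    n = len(label)
    runs = [len(m) for m in CONSONANT_RUN_RE.findall(label)]
    return {
        "label": label,
        "length": n,
        "entropy": shannon_entropy(label),
        "vowel_ratio": sum(ch in "aeiou" for ch in label) / n,
        "digit_ratio": sum(ch.isdigit() for ch in label) / n,
        "consonant_run": max(runs, default=0),
    }


def dga_score(qname: str) -> int:
    """Count how many 'looks machine-generated' indicators fire (0..5).
    Thresholds are assumed starting points, to be tuned on local traffic."""
    f = dga_features(qname)
    score = 0
    score += f["entropy"] > 3.5        # near-uniform character use
    score += f["vowel_ratio"] < 0.2    # real words contain vowels
    score += f["digit_ratio"] > 0.25   # interleaved digits are unusual
    score += f["consonant_run"] >= 5   # unpronounceable clusters
    score += f["length"] >= 12         # long labels with no structure
    return int(score)


def parse_log(text: str):
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def flag_suspicious(text: str, threshold: int = 2) -> list:
    """Return (client, qname, score) for every query at or above threshold."""
    hits = []
    for rec in parse_log(text):
        score = dga_score(rec["qname"])
        if score >= threshold:
            hits.append((rec["client"], rec["qname"], score))
    return hits


def clients_by_hits(text: str, threshold: int = 2) -> dict:
    """Clients ranked by number of suspicious queries; a burst from one host
    is a stronger signal than a single odd-looking name."""
    counts = Counter(client for client, _, _ in flag_suspicious(text, threshold))
    return dict(counts.most_common())


if __name__ == "__main__":
    for client, qname, score in flag_suspicious(SAMPLE_DNS_LOG):
        print(f"{client}  {qname}  score={score}")
    print("clients by suspicious-query count:", clients_by_hits(SAMPLE_DNS_LOG))
```

On the constructed log the three random-looking names from 10.0.0.9 are flagged and the legitimate names score zero. In practice the score is a prioritisation signal: confirm a hit by checking whether the queried names resolve (DGA families typically generate many names that do not yet exist), whether the client repeats the pattern over time, and whether the names match a known DGA family before treating the host as a bot.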