BotNet News

Your source for Online Security News

Botnet

A botnet is a network of compromised computers and Internet of Things (IoT) devices under the control of a hacker, also known as a “bot herder.” Cyber criminals use these networks to spread malware faster, launch distributed denial-of-service (DDoS) attacks, steal credentials, and conduct other illicit activities.

A device that becomes part of a botnet is typically infected with malware that allows a bot herder to control it remotely. Hackers can recruit devices into a botnet through phishing emails that contain malicious attachments, software vulnerability exploits that target unpatched operating systems and applications, brute-force attacks where automated tools guess weak passwords, or self-propagating code that automatically installs itself on compromised machines.

Once a device is infected, it can be used to send spam, participate in DDoS attacks, or perform other tasks that can strain a computer’s processor and battery, causing overheating. Signs that a machine or IoT device may be infected with botnet malware include a sluggish system response, unexplained crashes, and unusually high data usage.
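One way to check for the "unusually high data usage" sign described above, as an added example that is not part of the original page. The device names, daily byte counts, threshold and spread floor are constructed assumptions; the check compares each device's latest day against its own median, so a device that is always bursty is not flagged just for being busy.

```python
from statistics import median

# Constructed sample: daily outbound megabytes per device, oldest first.
# The last value is the day being checked. Names and numbers are made up.
USAGE_MB = {
    "laptop":     [820, 790, 905, 860, 840, 910, 880],
    "ip-camera":  [45, 50, 48, 52, 47, 49, 1900],
    "thermostat": [3, 3, 4, 3, 3, 3, 3],
    "smart-tv":   [2100, 300, 2500, 150, 1800, 400, 2600],
}

def robust_score(history, latest):
    """Distance of `latest` above the median of `history`, in spread units."""
    med = median(history)
    # Median absolute deviation: a spread estimate that one spike cannot skew.
    mad = median(abs(x - med) for x in history)
    # Floor the spread so a perfectly flat history neither divides by zero
    # nor flags a 1 MB wobble: at least 10% of the median, at least 1 MB.
    spread = max(mad, 0.1 * med, 1.0)
    return (latest - med) / spread

def flag_high_usage(usage, threshold=6.0, min_days=5):
    """Return {device: score} for devices whose latest day is far above baseline."""
    flagged = {}
    for device, series in usage.items():
        history, latest = series[:-1], series[-1]
        if len(history) < min_days:
            continue  # not enough baseline to judge this device yet
        score = robust_score(history, latest)
        if score > threshold:
            flagged[device] = round(score, 1)
    return flagged

if __name__ == "__main__":
    for device, score in flag_high_usage(USAGE_MB).items():
        print(f"{device}: latest day is {score} spreads above its median")
```

A flagged device is a lead for investigation, not proof of infection; a firmware update or a backup can produce the same spike.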

The success of a botnet typically depends on its command-and-control architecture, which can be disrupted by taking down the server(s). In the past, many botnets were centered around IRC networks or domains that have since been shut down by law enforcement agencies. However, as centralized servers were taken down, hackers moved on to more sophisticated models that are less susceptible to disruption through a single point of failure. For example, some botnets now use components of peer-to-peer file sharing to communicate between bots and the hacker command center.