BotNet News

Your source for Online Security News

A botnet is a network of compromised computers and Internet of Things (IoT) devices infected with malware that lets a cybercriminal control them remotely. Once hijacked, these devices – also known as bots or zombie computers – are used by the attacker to carry out large-scale attacks. The hacker who controls the botnet is referred to as the botmaster or bot-herder, and they use it for their own financial gain or criminal intent.

Versatile Weaponry

Threat actors use botnets to achieve a wide variety of goals, from crippling websites with DDoS attacks to harvesting sensitive corporate credentials for sale online. The bots in a botnet receive instructions from the bot-herder through a command and control (C&C) infrastructure, which can be either centralized or peer-to-peer. A centralized structure is easier for the bot-herder to manage, but it introduces a single point of failure: once the C&C server is taken down, the botnet is dismantled.

In a peer-to-peer botnet, the bots communicate directly with each other to exchange commands. This makes the botnet more resilient to the removal of one bot, and it also makes it harder for defenders to identify and block malicious communication. Typically, the C&C server uses Internet Relay Chat (IRC) or HTTP to communicate with the bots. This traffic is difficult to block unless IRC proxies are in place. In addition, many botnets have started to use more sophisticated evasion techniques, such as domain generation algorithms and IP address switching, which make it even harder to stop them.
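
From the defender's side, both evasion techniques leave traces in DNS resolver logs: infected hosts fail many lookups of random-looking names, and a C&C name resolves to an unusually large set of addresses. The sketch below is an added example, not part of the original article; the log format, the thresholds and every host name and address in it are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log: (client, queried name, rcode, answer IPs).
# Every host, name and address here is made up (documentation ranges).
SAMPLE_LOG = [
    ("10.0.0.5", "www.example.com", "NOERROR", ["192.0.2.10"]),
    ("10.0.0.5", "mail.example.com", "NOERROR", ["192.0.2.11"]),
    ("10.0.0.7", "xkqzjvwpyhtr.example.net", "NXDOMAIN", []),
    ("10.0.0.7", "qpwmzrtkvbxj.example.net", "NXDOMAIN", []),
    ("10.0.0.7", "zvhgtqkxwmpl.example.net", "NXDOMAIN", []),
    ("10.0.0.7", "bwqxjzkvhmtp.example.net", "NOERROR", ["198.51.100.1"]),
    ("10.0.0.9", "svc.example.org", "NOERROR", ["203.0.113.1", "203.0.113.2"]),
    ("10.0.0.9", "svc.example.org", "NOERROR", ["203.0.113.3", "203.0.113.4"]),
    ("10.0.0.9", "svc.example.org", "NOERROR", ["203.0.113.5"]),
    ("10.0.0.5", "typo-exmaple.com", "NXDOMAIN", []),
]

def shannon_entropy(s):
    """Bits per character; random-looking labels score higher than words."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def dga_suspects(log, min_nx=3, min_entropy=3.4):
    """Clients with >= min_nx distinct failed lookups of high-entropy names."""
    failed = defaultdict(set)
    for client, name, rcode, _ in log:
        label = name.split(".")[0]  # assumption: leftmost label is the generated part
        if rcode == "NXDOMAIN" and shannon_entropy(label) >= min_entropy:
            failed[client].add(name)
    return sorted(c for c, names in failed.items() if len(names) >= min_nx)

def ip_switching_suspects(log, min_ips=5):
    """Names whose answers span >= min_ips distinct addresses in the window."""
    seen = defaultdict(set)
    for _, name, _, answers in log:
        seen[name].update(answers)
    return sorted(n for n, ips in seen.items() if len(ips) >= min_ips)

if __name__ == "__main__":
    print("DGA-like clients:", dga_suspects(SAMPLE_LOG))
    print("Rotating names:", ip_switching_suspects(SAMPLE_LOG))
```

Legitimate content delivery networks also rotate addresses, so the second check needs an allowlist before it is used for alerting.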