What is a Botnet?
A botnet is a network of hijacked Internet-connected devices—such as personal computers (PCs), servers, mobile phones or Internet of Things (IoT) systems—that have been infected with malware and are remotely controlled by threat actors. The bots perform malicious tasks such as sending spam emails, engaging in click fraud, or generating massive amounts of traffic to take services and websites offline during a distributed denial-of-service attack.
Cybercriminals build botnets for a variety of reasons: monetary gain (credential theft, ransomware payments, click fraud, or renting out the botnet's attack capacity to others), sabotage (taking services and websites offline) or simply notoriety. Regardless of motive, the goal is the same: a large pool of infected devices that carries out automated tasks on the operator's command.
To do this, attackers must get their malware onto victim devices, whether by tricking users into installing it, by exploiting unpatched vulnerabilities, or by logging in with factory-default credentials. They rarely need to write the malware themselves: the source code of several botnet families has been leaked or published, so new operators can reuse it. One such example is Mirai, whose source code was released publicly in 2016. Mirai scanned the Internet for Linux-based IoT devices such as home routers and IP cameras that still accepted default Telnet usernames and passwords, infected them, and allowed remote attackers to flood targets with massive traffic.
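The infection pattern described above (one source trying a short list of factory-default username/password pairs against many devices) is easy to spot in a Telnet honeypot or device log. The following is an added example, not code from the original article or from Mirai itself; the log format, the small credential list and the thresholds are assumptions constructed for illustration.

```python
"""Flag Mirai-style Telnet credential sprays in constructed honeypot log lines.

Added example, not part of the original article. The log line format,
DEFAULT_CREDS and the threshold values are assumptions for illustration.
"""
import re
from collections import defaultdict

# Assumed log format (constructed for this example): one line per login attempt.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) telnet src=(?P<src>[\d.]+) user=(?P<user>\S*) "
    r"pass=(?P<pw>\S*) result=(?P<result>ok|fail)$"
)

# Small constructed sample of factory-default pairs of the kind Mirai's
# hard-coded dictionary contained (illustrative, not the real full list).
DEFAULT_CREDS = {
    ("root", "root"), ("root", "admin"), ("root", "default"),
    ("admin", "admin"), ("admin", "1234"), ("user", "user"),
}

# Constructed sample log: two scanners spraying defaults, one legitimate login,
# and one unparsable line that must be ignored rather than crash the parser.
SAMPLE_LOG = """\
2016-09-20T01:00:01Z telnet src=203.0.113.7 user=root pass=root result=fail
2016-09-20T01:00:02Z telnet src=203.0.113.7 user=root pass=admin result=fail
2016-09-20T01:00:03Z telnet src=203.0.113.7 user=admin pass=admin result=fail
2016-09-20T01:00:04Z telnet src=203.0.113.7 user=root pass=default result=ok
2016-09-20T01:00:09Z telnet src=198.51.100.23 user=admin pass=admin result=fail
2016-09-20T01:00:10Z telnet src=198.51.100.23 user=user pass=user result=fail
2016-09-20T01:00:11Z telnet src=198.51.100.23 user=root pass=root result=fail
2016-09-20T01:02:30Z telnet src=192.0.2.44 user=alice pass=Tr0ub4dor&3 result=ok
garbage line that does not parse
"""


def parse(lines):
    """Yield one dict per well-formed log line; silently skip anything else."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()


def find_default_cred_sprays(log_text, min_attempts=3):
    """Return per-source stats for sources that made at least min_attempts
    logins and where at least half of those used a known default pair.
    'compromised' is True when a default pair actually succeeded."""
    per_src = defaultdict(
        lambda: {"attempts": 0, "default_pairs": 0, "compromised": False}
    )
    for rec in parse(log_text.splitlines()):
        stats = per_src[rec["src"]]
        stats["attempts"] += 1
        if (rec["user"], rec["pw"]) in DEFAULT_CREDS:
            stats["default_pairs"] += 1
            if rec["result"] == "ok":
                stats["compromised"] = True
    return {
        src: s
        for src, s in per_src.items()
        if s["attempts"] >= min_attempts and 2 * s["default_pairs"] >= s["attempts"]
    }


if __name__ == "__main__":
    for src, stats in find_default_cred_sprays(SAMPLE_LOG).items():
        print(src, stats)
```

On the constructed sample, both scanners are flagged and the first is marked as having succeeded (a device accepted root/default), while the single legitimate login is not reported. The real fix is the one the paragraph implies: remove or change default credentials and do not expose Telnet to the Internet at all.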
Once they have enough bots, the operators connect to and control them through a server known as a command-and-control (C&C) server. These are typically hosted in jurisdictions with weak law enforcement, making them hard for system administrators and investigators to shut down. Even so, a single C&C server or domain is a single point of failure: seize or sinkhole it and the bots lose their instructions. As a result, some botnets have evolved to use peer-to-peer models in which the infected machines act as their own C&C infrastructure, relaying commands to one another over the Internet so that there is no single server to take offline. This model is considerably harder to dismantle than older centralized botnets.
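From the defender's side, both C&C models leave a network footprint: a bot talking to a central server typically checks in on a fixed schedule (beaconing), and a peer-to-peer bot talks to an unusually large number of distinct external peers on the same non-standard port. The following is an added example, not code from the original article or from any real botnet; the flow record layout, the thresholds and the sample traffic are constructed assumptions for illustration.

```python
"""Flag beaconing and peer-to-peer fan-out in constructed flow records.

Added example, not part of the original article. The record format,
the thresholds and FLOWS are assumptions constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch seconds, src, dst, dst_port).
FLOWS = [
    # a bot beaconing to a central C&C every ~60 s with a little jitter
    (1000, "10.0.0.5", "198.51.100.9", 8080),
    (1061, "10.0.0.5", "198.51.100.9", 8080),
    (1119, "10.0.0.5", "198.51.100.9", 8080),
    (1180, "10.0.0.5", "198.51.100.9", 8080),
    (1241, "10.0.0.5", "198.51.100.9", 8080),
    (1299, "10.0.0.5", "198.51.100.9", 8080),
    # a user browsing the same site at irregular intervals (should not fire)
    (1005, "10.0.0.7", "93.184.216.34", 443),
    (1020, "10.0.0.7", "93.184.216.34", 443),
    (1130, "10.0.0.7", "93.184.216.34", 443),
    (1140, "10.0.0.7", "93.184.216.34", 443),
    (1500, "10.0.0.7", "93.184.216.34", 443),
    (1502, "10.0.0.7", "93.184.216.34", 443),
    # a peer-to-peer bot contacting many distinct peers on one odd port
    (1010, "10.0.0.9", "203.0.113.11", 16464),
    (1015, "10.0.0.9", "203.0.113.12", 16464),
    (1021, "10.0.0.9", "203.0.113.13", 16464),
    (1026, "10.0.0.9", "203.0.113.14", 16464),
    (1033, "10.0.0.9", "203.0.113.15", 16464),
    (1040, "10.0.0.9", "203.0.113.16", 16464),
]


def find_beacons(flows, min_connections=5, max_cv=0.2):
    """Return (src, dst, port) tuples whose inter-connection gaps are regular.

    Regularity is measured as the coefficient of variation (stddev / mean)
    of the gaps; human-driven traffic is bursty and scores far above max_cv.
    """
    by_key = defaultdict(list)
    for ts, src, dst, port in flows:
        by_key[(src, dst, port)].append(ts)
    hits = {}
    for key, stamps in by_key.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:  # all connections in the same second: not a schedule
            continue
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            hits[key] = {"connections": len(stamps),
                         "mean_interval_s": avg, "cv": cv}
    return hits


def find_peer_fanout(flows, min_peers=5, ignore_ports=(80, 443, 53)):
    """Return {(src, port): distinct peer count} for sources that reach
    many different destinations on the same non-standard port, the
    signature of a peer-to-peer bot maintaining its peer list."""
    peers = defaultdict(set)
    for _, src, dst, port in flows:
        if port not in ignore_ports:
            peers[(src, port)].add(dst)
    return {k: len(v) for k, v in peers.items() if len(v) >= min_peers}


if __name__ == "__main__":
    print("beacons:", find_beacons(FLOWS))
    print("p2p fan-out:", find_peer_fanout(FLOWS))
```

The constructed data flags only the scheduled 8080 connections and the 16464 fan-out; the irregular browsing session scores a coefficient of variation well above the threshold. Real bots add jitter, sleep for long periods or hide check-ins in DNS or HTTPS, so thresholds like these are a starting point for hunting, not a proof of compromise.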