What is a Botnet?
A botnet is a network of devices, including personal computers (PCs), smartphones, tablets, IoT devices and servers, that have been infected with malware to work together toward cybercriminals’ goals. Unlike earlier malware attacks that were more like a swarm of independent viruses, botnets allow attackers to scale their efforts by harnessing semi-autonomous infected machines.
Often undetected, the compromised devices are used for various cyberattacks and scams such as spamming, click fraud campaigns and Distributed Denial-of-Service (DDoS) attacks. They can also be used to mine cryptocurrencies such as Bitcoin.
Threat actors that control a botnet are called “bot herders”. They use remote access tools (RATs) to take command of compromised systems, known as zombie computers or bots. The RATs communicate with the command-and-control (C&C) server through covert channels such as Internet Relay Chat (IRC) or web injections into websites or secure portals.
These C&C servers are usually hosted in a different country than the victim device and communicate with the bots over network protocols such as IRC or HTTP. The first generation of botnets used a client-server model, in which a central server communicates with each bot. However, this centralized approach was more susceptible to disruption by global law enforcement and security agencies.
You can often tell that a computer is infected with a botnet by an unusual spike in bandwidth usage and a dip in internet speed. You may also notice unwelcome changes to the device’s system files. The best way to detect the presence of a botnet is through endpoint detection and response (EDR) solutions, which provide full visibility into all endpoints and devices on the network.
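The two behaviours described above, a bot checking in with a central C&C server at a fixed interval and the outbound bandwidth spike that accompanies it, can be picked out of ordinary flow records. The script below is an added example, not code from the original article; the flow records, the host names and the per-host baseline are constructed for illustration.

```python
"""Flag botnet-like behaviour in outbound flow records (constructed sample data)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (time_s, src_host, dst_ip, dst_port, bytes_out).
# pc-7 contacts one external host every 60 s on the IRC port and sends far
# more than usual; pc-3 browses normally at irregular intervals.
FLOWS = [
    (0,   "pc-7", "203.0.113.10", 6667, 5_000_000),
    (60,  "pc-7", "203.0.113.10", 6667, 5_000_000),
    (120, "pc-7", "203.0.113.10", 6667, 5_000_000),
    (180, "pc-7", "203.0.113.10", 6667, 5_000_000),
    (240, "pc-7", "203.0.113.10", 6667, 5_000_000),
    (300, "pc-7", "203.0.113.10", 6667, 5_000_000),
    (5,   "pc-3", "198.51.100.20", 443, 20_000),
    (47,  "pc-3", "198.51.100.21", 443, 80_000),
    (230, "pc-3", "198.51.100.20", 443, 15_000),
    (410, "pc-3", "198.51.100.22", 443, 60_000),
]

# Constructed per-host baseline of typical outbound bytes for the same window.
BASELINE = {"pc-7": 400_000, "pc-3": 300_000}


def bandwidth_outliers(flows, baseline, factor=5.0):
    """Hosts whose outbound volume exceeds `factor` times their baseline."""
    total = defaultdict(int)
    for _, src, _, _, nbytes in flows:
        total[src] += nbytes
    return sorted(h for h, b in total.items() if b > factor * baseline.get(h, b))


def beaconing_pairs(flows, min_conns=5, max_cv=0.1):
    """(src, dst, port) tuples contacted at near-constant intervals.

    A low coefficient of variation of the inter-arrival times is the
    heartbeat of a bot checking in with a central C&C server."""
    times = defaultdict(list)
    for t, src, dst, port, _ in flows:
        times[(src, dst, port)].append(t)
    hits = []
    for key, ts in times.items():
        if len(ts) < min_conns:
            continue
        ts.sort()
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        m = mean(gaps)
        if m > 0 and pstdev(gaps) / m <= max_cv:
            hits.append(key)
    return sorted(hits)


if __name__ == "__main__":
    print("bandwidth outliers:", bandwidth_outliers(FLOWS, BASELINE))
    print("beaconing pairs:", beaconing_pairs(FLOWS))
```

In practice the baseline comes from a rolling history per host, and a beacon hit is a lead for an EDR investigation of that endpoint rather than a verdict on its own.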