BotNet News

Your source for Online Security News

A botnet is a group of compromised devices — often called zombie computers — that are controlled as a network by one attacker (the “bot herder”). These malware-infected systems, or bots, can be used to spread viruses and other malware, steal sensitive information, conduct large-scale cyber attacks, and perform other illicit activities.

Attackers can use a number of techniques to infect and control bots, including sending malicious email attachments, driving victims to websites that deliver drive-by downloads, or deploying Trojan programs that appear legitimate but are actually rogue applications. Once a device is infected, the bot will typically install remote administration tools (RATs), which allow the threat actor to access and manipulate the machine from an external location. This allows the attacker to collect online credentials, harvest keystrokes, and hijack web forms to capture the data entered into them.

Infected systems can also be used to control routers, switches, and other network equipment, redirect users to phishing sites, or participate in DDoS attacks. Fortunately, there are several ways to detect whether your business is being targeted by botnets. Common signs of a botnet infection include uncharacteristically slow or sluggish performance, an unexplained increase in data usage, and unexpected changes to system configurations.

Once a botnet is discovered, there are two main methods of disabling it: taking down the command and control (C&C) centers or removing the bot malware. The former requires the support of law enforcement agencies to disable the servers and domains that the bot herder uses to control the infected systems. The latter can be accomplished by blocking communication channels and implementing firewall rules that stop traffic to the bot herder’s C&C servers.
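As an added example (not part of the original article), the Python sketch below turns two of the points above into checks over flow records: an unexplained increase in a host's outbound data compared with its own baseline, and any contact with addresses on a C&C blocklist. The flow records, the blocklist range, the 3x threshold and all function names are constructed assumptions for illustration.

```python
import ipaddress
from collections import defaultdict
from statistics import median

# Constructed sample data: (day, internal host, destination IP, bytes sent out).
FLOWS = [
    (1, "10.0.0.5", "192.0.2.10", 40_000_000),
    (2, "10.0.0.5", "192.0.2.10", 42_000_000),
    (3, "10.0.0.5", "192.0.2.10", 38_000_000),
    (4, "10.0.0.5", "203.0.113.77", 900_000_000),
    (1, "10.0.0.9", "192.0.2.10", 50_000_000),
    (2, "10.0.0.9", "192.0.2.10", 55_000_000),
    (3, "10.0.0.9", "192.0.2.10", 52_000_000),
    (4, "10.0.0.9", "192.0.2.10", 60_000_000),
    (4, "10.0.0.12", "203.0.113.80", 1_000),
]
# Hypothetical C&C blocklist (a documentation-only address range).
CNC_BLOCKLIST = [ipaddress.ip_network("203.0.113.0/24")]

def daily_totals(flows):
    """Sum outbound bytes per host per day."""
    totals = defaultdict(lambda: defaultdict(int))
    for day, host, _dst, nbytes in flows:
        totals[host][day] += nbytes
    return totals

def usage_spikes(flows, today, factor=3.0, min_history=3):
    """Hosts whose outbound bytes today exceed factor x their median history."""
    spikes = {}
    for host, days in daily_totals(flows).items():
        history = [b for d, b in days.items() if d < today]
        if len(history) < min_history:
            continue  # too little baseline to call an increase unexplained
        base = median(history)
        if base > 0 and days.get(today, 0) > factor * base:
            spikes[host] = round(days[today] / base, 1)
    return spikes

def cnc_contacts(flows, blocklist):
    """Map each internal host to the blocklisted destinations it contacted."""
    hits = defaultdict(set)
    for _day, host, dst, _nbytes in flows:
        if any(ipaddress.ip_address(dst) in net for net in blocklist):
            hits[host].add(dst)
    return {host: sorted(dsts) for host, dsts in hits.items()}

if __name__ == "__main__":
    print("usage spikes:", usage_spikes(FLOWS, today=4))
    print("C&C contacts:", cnc_contacts(FLOWS, CNC_BLOCKLIST))
```

A host that appears in both results is the strongest candidate for isolation and cleanup, while a host that only touches a blocklisted address with little traffic may still be beaconing and is worth covering with the firewall rule.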