BotNet News

Your source for Online Security News

A botnet, a network of infected systems that are controlled remotely, is changing what is possible for malware. Unlike earlier malware, which behaved more like a swarm of independent agents, a botnet lets threat actors control a large number of devices at once, giving them greater attack power and value.

Botnets have been used for cryptocurrency mining, financial fraud, theft of sensitive information, sabotage (taking services or sites offline), and distributed denial-of-service (DDoS) attacks. Threat actors infect systems with a remote access tool (RAT) that gives them remote control of each compromised device, and therefore of many devices at once. RATs can be installed via malicious email attachments, drive-by downloads on compromised websites, and exploit kits that target software vulnerabilities.

There are two main types of botnets, client/server and P2P, although most botnets use a combination of these models. Client/server botnets have centralized command-and-control (C2) servers that issue instructions to the infected machines. P2P botnets are more resilient: in their peer-to-peer architecture each machine acts as both client and server, relaying commands to other devices in the botnet, so there is no single server whose takedown silences the whole network.
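To make the resilience difference concrete from a takedown-modelling point of view, here is an added example that is not part of the original article. It builds two constructed topologies, a star (one C2 server, many bots) and a small peer-to-peer mesh (a ring where every node also peers with its two nearest neighbours on each side), and measures what fraction of surviving bots can still receive a command after a given set of nodes is taken offline. The node counts, the removal sets and the mesh layout are assumptions chosen so the outcome can be worked out by hand.

```python
# Added example (not from the original article): a small graph model that
# contrasts the takedown resilience of a client/server botnet with a P2P one.
# Topologies, node counts and removal sets are constructed for illustration.
from collections import deque


def build_client_server(n_bots):
    """Star topology: node 0 is the C2 server, nodes 1..n_bots talk only to it."""
    adj = {i: set() for i in range(n_bots + 1)}
    for bot in range(1, n_bots + 1):
        adj[0].add(bot)
        adj[bot].add(0)
    return adj


def build_p2p(n_bots, k=2):
    """Constructed P2P overlay: a ring in which every node also peers with its
    k nearest neighbours on each side (a circulant graph), so each node has
    2*k peers and no single node is a chokepoint."""
    adj = {i: set() for i in range(n_bots)}
    for i in range(n_bots):
        for d in range(1, k + 1):
            j = (i + d) % n_bots
            adj[i].add(j)
            adj[j].add(i)
    return adj


def command_reach(adj, removed, source):
    """Fraction of surviving nodes that can still receive a command injected at
    `source` once the nodes in `removed` are taken down (0.0 if `source` itself
    is down). Breadth-first search over the surviving nodes only."""
    removed = set(removed)
    survivors = set(adj) - removed
    if source in removed or not survivors:
        return 0.0
    seen = {source}
    queue = deque([source])
    while queue:
        node = queue.popleft()
        for peer in adj[node]:
            if peer not in removed and peer not in seen:
                seen.add(peer)
                queue.append(peer)
    return len(seen) / len(survivors)


def takedown_comparison(n_bots=100):
    """Return (client/server reach after the C2 is taken down,
               P2P reach after one peer is taken down).
    Removing the single C2 silences every bot; removing one P2P peer leaves the
    rest of the mesh reachable, since the operator can inject commands at any
    surviving peer (here the lowest surviving id)."""
    cs = build_client_server(n_bots)
    p2p = build_p2p(n_bots, k=2)
    cs_reach = command_reach(cs, removed={0}, source=0)
    p2p_reach = command_reach(p2p, removed={0}, source=1)
    return cs_reach, p2p_reach


if __name__ == "__main__":
    print("after taking down one node (C2 vs. one peer):", takedown_comparison())
    # Partitioning the mesh needs coordinated removals: cutting the ring at two
    # places (two adjacent nodes at each) splits it into two islands.
    p2p = build_p2p(100, k=2)
    print("mesh reach after cutting at two places:",
          command_reach(p2p, removed={10, 11, 50, 51}, source=0))
```

The interesting number is the last one: with the ring cut at nodes 10-11 and 50-51, a command injected at node 0 still reaches the 58 survivors on its side of the cuts (52..99 and 0..9) out of 96, about 60%, whereas the star collapses to 0% the moment its one C2 is gone. That asymmetry is why takedowns of P2P botnets typically target many peers or the bootstrap mechanism rather than a single server.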

Some of the most widespread and dangerous botnets include Emotet, Mirai, and Zeus. Emotet spreads polymorphic malware that changes its code every time it runs, letting the threat actor steal sensitive data and conduct financial fraud. Mirai is famous for weaponizing IoT devices to run massive DDoS attacks. And the recently discovered Gorilla botnet, built on leaked Mirai code, has infected millions of devices to perform DDoS and other attacks.