Bad Networking: What is a Botnet?

Patrick Putman
 

What is a Botnet?

There are countless threats to computer security. Many of these threats are nothing more than good technologies used for bad reasons. One example of this is a botnet. Short for “Robot Network,” it is a group of connected computers controlled by software. This software is then used to perform a specific task. Botnets can consist of anything from smartphones and IoT devices to home computers and corporate mainframes. There are positive uses for botnets; however, the majority are used with malicious intent.

How Do Botnets Work?

Hackers create botnets by infecting internet-connected devices with malicious software called malware. Once a device is infected, all other devices on that network are at risk. Each computer in a botnet is called a bot. Used to launch attacks, these bots form a network. Additionally, a computer or device called a command-and-control server is used to control the botnet. This device is controlled by a single user known as a “Bot Herder.”

Bot programs are constructed as clients which communicate via existing servers, thus allowing the bot herder to control the network remotely. The size of a botnet allows an attacker to perform larger-scale attacks that were previously not possible using malware or hacking alone.

Botnets are created through the use of file sharing, email, and phishing. Because botnets remain under the control of the bot herder, an infected machine can receive updates that change its behavior almost instantly. As a result, bot herders can “rent” out segments of their botnet on the dark web for significant financial gain.

The objective of creating a botnet is to infect as many connected devices as possible. A single bot is all but useless to cybercriminals due to the small amount of bandwidth used. However, a botnet with millions of devices can generate massive amounts of resources used to launch complex and large-scale attacks. 

Botnets then use the device’s computing power and resources to perform tasks unbeknownst to the user. Furthermore, botnet infections are most often spread through the use of malware known as a trojan horse. As the botnet grows larger, the amount of resources required from each device becomes smaller, making the bot more difficult to detect. As a result, botnets can fly under the radar on your machine for quite some time.

What Are They Used For?

Botnets are essentially connected computers performing a number of repetitive tasks. By donating their system downtime, users can participate in voluntary botnets to solve complex problems. For example, the organization SETI even uses botnets to assist in the discovery of life outside our planet. However, botnets have recently become popular tools used by malicious actors to launch cyber-attacks.

Common cyber-attacks launched by botnets include:

  • Launching Distributed Denial-of-Service (DDoS) attacks to shut down networks or websites.
  • Using your computer to email large amounts of spam to millions of users.
  • Stealing computer resources to mine cryptocurrency for financial gain.
  • Generating fake internet traffic to a website for financial gain.
  • Running fake ad campaigns specifically targeted at you.
  • Spreading malware and ransomware to other devices.

The reality is that botnets can be used to launch any form of cyber-attack.

Protecting Yourself Against an Infection

Botnets are relatively easy to protect against and remove. The most difficult part is figuring out if you have one in the first place.

Common signs to look for are:

  • Slow computer performance.
  • Your computer fan is on high during idle time.
  • Your computer takes a long time to shut down or won’t shut down properly.
  • Programs begin running very slowly.
  • You are unable to download and install system updates.
  • Your internet access has slowed to a crawl despite being on broadband.
  • Friends and family received emails or messages you have not sent.
  • Popup advertisements begin to appear out of nowhere.
  • Windows Task Manager shows programs with very cryptic names or descriptions.

If you discover any of these signs, it is best to run a system scan immediately with an up-to-date virus scanner. You can also take your system to a reputable technician for a scan and removal.
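Two of the signs above can be checked mechanically: a busy CPU while the machine is idle, and Task Manager entries with cryptic names or descriptions. The following is an added example, not part of the original article, that runs those checks over a process list; the thresholds, field names and sample processes are constructed assumptions.

```python
import re

# Thresholds and field names are assumptions for illustration, not from the article.
IDLE_CPU_PCT = 20.0    # CPU share that is unusual while nobody is using the machine
MIN_STEM_LEN = 6       # short names (e.g. "dwm") are too short to judge
MAX_DIGIT_RATIO = 0.2  # share of digits above which a name looks machine-generated
MIN_VOWEL_RATIO = 0.1  # share of vowels below which a name looks unpronounceable

def looks_cryptic(image_name):
    """Heuristic for the 'very cryptic names' sign: a random-looking executable name."""
    stem = re.sub(r"\.[A-Za-z0-9]{1,4}$", "", image_name).lower()
    chars = [c for c in stem if c.isalnum()]
    if len(chars) < MIN_STEM_LEN:
        return False
    digits = sum(c.isdigit() for c in chars) / len(chars)
    vowels = sum(c in "aeiou" for c in chars) / len(chars)
    return digits > MAX_DIGIT_RATIO or vowels < MIN_VOWEL_RATIO

def triage(snapshot, user_idle):
    """Return [(name, [reasons])], most reasons first, for processes worth a closer look."""
    findings = []
    for proc in snapshot:
        reasons = []
        if user_idle and proc["cpu_pct"] >= IDLE_CPU_PCT:
            reasons.append("high CPU while idle")
        if looks_cryptic(proc["name"]):
            reasons.append("cryptic name")
        if not proc["description"].strip():
            reasons.append("no description")
        if reasons:
            findings.append((proc["name"], reasons))
    return sorted(findings, key=lambda f: len(f[1]), reverse=True)

# Constructed sample using the columns Task Manager shows (name, CPU, description).
SAMPLE = [
    {"name": "svchost.exe", "cpu_pct": 0.4, "description": "Host Process for Windows Services"},
    {"name": "chrome.exe", "cpu_pct": 3.1, "description": "Google Chrome"},
    {"name": "xk7qz9fw2p.exe", "cpu_pct": 61.0, "description": ""},
    {"name": "MsMpEng.exe", "cpu_pct": 24.5, "description": "Antimalware Service Executable"},
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE, user_idle=True):
        print(f"{name}: {', '.join(reasons)}")
```

A hit is a reason to run the scan, not proof of infection: in the sample, the antivirus engine itself is flagged for working while the machine is idle.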

How to help prevent an infection:

  • Always update your device’s operating system as early as possible.
  • Maintain an up-to-date virus scanner capable of detecting malware.
  • Do not download any attachments or click any links from unknown senders. This is one of the most common methods of attack.
  • Use a firewall when surfing the internet.
  • Be careful when surfing the internet. Do not go to any sites known for distributing malware.
  • Avoid peer-to-peer sharing websites and programs.

Hackers tend to look for the easiest target. Even basic defenses and common-sense practices can help prevent an infection.

