What is a Botnet?



A botnet (short for robot network) is a group of computers or other networked devices that have been infected with malicious software and are controlled as a unit by an attacker, who issues commands to them through some form of command-and-control (C&C) channel. Each compromised machine in a botnet is called a bot (not to be confused with the ‘bots’ that search engines use to crawl websites), and the person or group running the botnet is usually called the bot herder or operator. Botnets are used to send spam, spread further malware, flood targets with traffic and perform other tasks that benefit from many machines acting at once.

Role of Attackers

Bots did not start out as something malicious. The first bots were automated helpers on Internet Relay Chat (IRC) channels, performing routine tasks such as keeping a channel open and managing its users. Because IRC gave a program an easy way to sit in a channel and react to typed commands, it was soon adopted as a way to remotely control programs installed on compromised machines, and the same mechanism was turned to unwanted activities such as stealing passwords and launching attacks from the infected hosts.

An attacker generally goes after machines that are easiest to compromise: systems that are unpatched, that run no firewall or antivirus protection, or that expose services with weak or default credentials, which is how many consumer routers and other Internet-connected devices end up in botnets. The bot software itself reaches a victim in several ways: as a worm that spreads on its own by exploiting a vulnerability in a network service, as a Trojan bundled with a download, or as a payload delivered by a phishing email or a compromised website.

Botnets are valuable to criminals because they provide a large amount of computing power, bandwidth and IP addresses that do not belong to the attacker, which makes abuse both cheap and hard to trace. One common use is a Distributed Denial-of-Service (DDoS) attack, in which thousands of bots are told to flood a target with traffic at the same time. Organized crime groups also use botnets to send spam and phishing email in bulk, since mail from many unrelated addresses is harder to block than mail from a single server.

A further concern is that botnets are increasingly rented out as a service, so an attacker no longer needs to build one to use one: DDoS-for-hire, spam delivery and install space for other criminals' malware are all sold by botnet operators. Because a single botnet can be repurposed for whichever of these tasks pays best at the moment, it remains a threat long after the original infection campaign is over.

How Botnets Work

A device becomes a bot when it is infected with the bot malware. The malware then makes the device part of a network of similarly infected machines, which is run by a single operator or, in some cases, by a group sharing the infrastructure.

Bot malware commonly looks for further devices on the Internet that are easy to compromise. Unlike a targeted scammer or fraudster, most botnet operators are not interested in any particular person, company or industry: they simply want as many machines as possible, and a defenseless machine anywhere will do. (Some botnets are used for targeted attacks once built, but the recruitment itself is usually indiscriminate.)

The central aim of building a botnet is therefore to infect as many connected devices as possible, and then to use those machines for automated tasks that are hidden from their actual owners.

Take an ad fraud botnet as an example. The malware infects a user’s computer and uses it to generate fraudulent visits and clicks on specific online advertisements, so that the operator is paid for traffic that no real person produced. To keep this going, the attackers must remain unnoticed, so they avoid visibly taking over the victim’s machine: they do not drive the user’s own browser window.

Instead, the bot runs hidden browser instances, or uses only a small part of the browser’s capacity, in the background where the victim cannot see it. It also sends only a modest amount of traffic from any one device to the targeted ads, because a machine that suddenly floods a handful of advertising sites would stand out both to the user and to the ad network’s fraud detection.

The traffic from a single user or device is worth very little to the attacker. That is precisely why cybercriminals infect machines in bulk: a botnet of thousands of devices, each contributing a small and inconspicuous amount, adds up to a large volume of fraudulent traffic and a handsome return on the operator’s investment, while the owners of the compromised systems remain completely unaware.

Botnet Architecture

Bot malware is usually distributed like any other malware, most often as a Trojan horse. Once installed, it is commonly built to scan other systems and devices automatically, looking for exposed services and known weaknesses that can be exploited, including out-of-date software and security products. A machine with a misconfigured firewall or an outdated antivirus product that no longer recognizes current malware is an easy target.

Once the devices have been infected, the operator needs a way to control them, and there are two main designs. The traditional approach is client/server: the operator sets up one or more command-and-control (C&C) servers, and every bot connects back to them at regular intervals to fetch commands. Historically this was done over IRC, and more recently over HTTP so that the check-ins blend in with ordinary web traffic. Between commands the bots stay dormant, so an infected machine can sit quietly for weeks until the operator decides to use it, for example to launch a DDoS attack.

The alternative is a peer-to-peer (P2P) design. Here there is no central server: each bot knows a list of other bots, and new commands, signed by the operator so that peers cannot forge them, are passed from bot to bot through the network. A bot that has been told to scan for new victims or to visit a particular site, for instance, can also pass the latest commands along to the peers it knows.

P2P designs are attractive to operators because defenders and law enforcement typically disrupt a botnet by finding and seizing or sinkholing its C&C servers. A centralized botnet can be cut off by taking down a single server or domain; a P2P botnet has no such single point to remove, and the operator can inject commands from any peer. The cost for the operator is that every bot must talk to many other infected hosts, which is itself unusual traffic that can be spotted.
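The two control designs above leave different traces in a network’s egress logs: a bot in a client/server botnet checks in with its C&C server on a fixed schedule, while a P2P bot talks to many peers on a port that ordinary workstations never use. The script below is an added example for this article, not code from the original page or from any real incident; it applies both heuristics to a small set of constructed proxy-style log lines. The log format, the hosts and IP addresses, the port number and the thresholds are all assumptions chosen for illustration.

```python
"""Two heuristics for spotting bot traffic in egress logs: periodic beaconing
to a single host (centralized C&C) and a host fanning out to many peers on an
uncommon port (peer-to-peer C&C). Added example for this article; the log
format, addresses, thresholds and sample lines are constructed, not taken
from the original page or from any real incident."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed line format: "<ISO timestamp> <src_ip> -> <dst_host>:<dst_port>"
LOG_RE = re.compile(r"^(\S+) (\S+) -> (\S+):(\d+)$")

# Ports where many distinct destinations are normal for a workstation; fan-out
# on these is ignored (assumption for the example, tune for your environment).
COMMON_PORTS = {80, 443}

# Constructed sample: 10.0.0.5 checks in with one host roughly every 60 s,
# 10.0.0.9 contacts six different peers on port 16471, and 10.0.0.7 is an
# ordinary user browsing at irregular times.
SAMPLE_LOG = """\
2018-11-03T09:00:00 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:00:05 10.0.0.7 -> news.example:443
2018-11-03T09:00:07 10.0.0.7 -> news.example:443
2018-11-03T09:00:30 10.0.0.9 -> 198.51.100.11:16471
2018-11-03T09:01:01 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:01:59 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:02:10 10.0.0.9 -> 198.51.100.12:16471
2018-11-03T09:03:00 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:04:00 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:04:45 10.0.0.9 -> 198.51.100.13:16471
2018-11-03T09:05:01 10.0.0.5 -> cdn-update.example:443
2018-11-03T09:09:12 10.0.0.9 -> 198.51.100.14:16471
2018-11-03T09:17:40 10.0.0.7 -> news.example:443
2018-11-03T09:18:10 10.0.0.7 -> news.example:443
2018-11-03T09:18:12 10.0.0.7 -> mail.example:993
2018-11-03T09:25:00 10.0.0.9 -> 198.51.100.15:16471
2018-11-03T09:33:33 10.0.0.9 -> 198.51.100.16:16471
2018-11-03T09:45:00 10.0.0.7 -> news.example:443
2018-11-03T09:46:30 10.0.0.7 -> news.example:443
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port) tuples sorted by time.
    Lines that do not match the expected format are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    events.sort(key=lambda e: e[0])
    return events


def find_beacons(events, min_conn=5, max_cv=0.1):
    """Flag (src, dst, port) flows whose inter-connection intervals are nearly
    constant: coefficient of variation (stdev / mean) below max_cv over at
    least min_conn connections. Human browsing is bursty; a sleep(60) check-in
    loop is not. Returns {flow: (mean_interval_seconds, cv)}."""
    by_flow = defaultdict(list)
    for ts, src, dst, port in events:
        by_flow[(src, dst, port)].append(ts)
    beacons = {}
    for flow, times in by_flow.items():
        if len(times) < min_conn:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        cv = statistics.stdev(gaps) / mean
        if cv < max_cv:
            beacons[flow] = (round(mean, 1), round(cv, 3))
    return beacons


def find_peer_fanout(events, min_peers=5):
    """Flag (src, port) pairs where one host talks to many distinct
    destinations on a port that is not ordinary web traffic: the signature of
    a P2P bot exchanging commands with other bots rather than with one server.
    Returns {(src, port): sorted list of peers}."""
    peers = defaultdict(set)
    for _, src, dst, port in events:
        if port not in COMMON_PORTS:
            peers[(src, port)].add(dst)
    return {k: sorted(v) for k, v in peers.items() if len(v) >= min_peers}


def analyze(text):
    """Run both heuristics over raw log text."""
    events = parse_log(text)
    return find_beacons(events), find_peer_fanout(events)


if __name__ == "__main__":
    beacons, fanout = analyze(SAMPLE_LOG)
    for flow, (mean, cv) in beacons.items():
        print(f"beacon: {flow} every ~{mean}s (cv={cv})")
    for (src, port), hosts in fanout.items():
        print(f"peer fan-out: {src} -> {len(hosts)} hosts on port {port}")
```

On the sample data only the 10.0.0.5 check-ins are flagged as a beacon (the user on 10.0.0.7 visits the same site six times too, but at wildly varying intervals) and only 10.0.0.9 is flagged for peer fan-out. Real bots add random jitter to their sleep interval and some legitimate software (update checkers, monitoring agents) beacons just as regularly, so in practice both heuristics are a starting point for triage rather than a verdict, and the thresholds need tuning against a baseline of your own network.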

Prevention from Botnet Attacks

A few basic practices go a long way toward keeping a machine out of a botnet. The first is to keep the operating system and installed software up to date, since bot malware routinely spreads by exploiting known vulnerabilities for which a patch already exists; an unpatched system is the easiest recruit there is.

Be wary of email from unknown or suspicious senders, and do not open attachments or follow links from messages that look dubious, since phishing remains one of the main ways bot malware is delivered. The same caution applies to downloads from P2P and other file-sharing networks, which are a common vehicle for Trojans. Run an up-to-date antivirus product, change default passwords on routers and other Internet-connected devices, and disable remote-access services you do not need. For a network rather than a single machine, watching outbound traffic for hosts that contact the same server on a fixed schedule or talk to many unfamiliar addresses on unusual ports is a practical way to spot an infection that got past these measures.


Posted On November 3, 2018