What is a botnet?

You might have seen the term botnet banded around on the internet. It is composed of two words you understand but when put together it sounds a bit confusing. Don’t worry you are not alone.

Botnets are, in fact, a serious issue and a big factor in the spread of malware. You might even be part of a botnet attack without knowing it! And as you will find out here, that isn’t something to turn a blind eye on.

What is the definition of a botnet?

Let’s start with the basics. Time for a botnet definition. The term botnet is formed from the words ‘robot’ and ‘network’. Botnets are clever and conniving. They take over your internet-connected devices without you knowing, not only this they take over others devices too and form a network.

You probably won’t even know if your computer or mobile devices have been hijacked. However, the devices in this new found zombie computer army of bots are then able to infect hundreds, if not thousands of others with malware. These bots are all part of a bigger picture of scams and cyberattacks.

So, let’s get a little more into the nuts and bolts of how this looks. You are probably wondering where botnets come from and how they are distributed.

How do botnets work?

We’ve now established that a botnet is nothing more than a string of connected computers coordinated together to perform a task. Unfortunately, in this case not for the greater good. The reason they were built is so that hackers can infect computers at a more efficient rate. If an attacker is just using their own local devices to spread a new malware they are limited.

So once the bot program has been written the bot herder is in charge. Bot herders are like the master of puppets or bot master. They are hackers who scan specific network ranges and find vulnerable devices, such as machines without current security patches, on which to install their bot program. Generally speaking. hackers will exploit these vulnerabilities or distribute malware through emails and other online messaging services.

The target user of the attack’s device will then get infected with the botnet malware when they do something specific — this might be through a download button masking as legitimate or even just clicking a link in the email that will auto-download the malicious software.

They are now exposed, their device is well and truly at the mercy of the hackers. Whatever the method once they have made this security breach they can move onto their ultimate goal.

Through simple commands they can now control all the infected machines. The bot herder can remotely control these devices. What most will go on to do is use these computers as their base to then send out tens of thousands more messages through a variety of different ways to increase their malware army of zombie computers.

But you might still be asking yourself why? Why do all of this? The answer is simple and also pretty scary! This omnipotent control they now have over thousands of devices gives them access to system data, personal information, activity and the ability to run applications on the remote device. There are countless more but these should be enough to keep you up at night.

How do botnets get their commands?

As we mentioned before, it is the bot herder that is in charge of instructing all the botnet controlled computers. This is all done by remote programming in order to retain a high level of security. Command and control (C&C) is the server source of all these orders. This is a computer controlled by the cybercriminal which is used to send commands to the compromised internet connected devices. Many botnet campaigns have been found using cloud-based services, such as webmail and file-sharing services, as command and control servers to blend in with normal traffic and avoid detection.

What are the reasons for botnet attacks?

Whether it is just to be a pain in the arse or something quite a bit more sinister. Botnets are created with something to gain in mind. We touched upon this earlier but here we will go into a little more detail on what these botnet creators or cybercriminals are commonly after. Here are a list of the most likely:

Information theft — A lot like other malware attacks. Most botnets want to get hold of the infected users’ personal details. Whether it is a Facebook account or Whatsapp messages, these could potentially be used against that person in a ransomware attack.
Financial theft — If they gain access to bank account login details they will be able to directly steal money. Whether they do this in a discreet manner, bit by bit, or they take out the victims hard earned cash in one lump sum, this is going to be a very devastating outcome.
Cryptocurrency scams — This one is becoming far more popular in recent years with the rise in popularity of cryptocurrency. Once a computer is under the control of the hacker they can take over the users’ accounts to mine for cryptocurrency.
Selling access to other criminals — Having access to the unsuspecting users’ accounts puts the hacker in a position of power. They can now use the infected machines and the accounts tied to them to spread the botnet network even further.
Sabotage of services — Through the infected devices they now have the same privileges. This may mean they are able to take down services or make websites go offline.

So, as you can see here, the reasons behind botnet attacks are the same as most other cybercrime activities. However, the difference here is that it can happen on a much larger scale in a far shorter period of time.

What is even scarier is the fact that once the large network of infected devices has been created it can then be sold to other cybercriminals. Remember, botnets are good at going under the radar so the network could easily be rented out to different cybercriminals so they can launch a large-scale scam attack and the source network may stick around for a long time undetected.

Types of botnet attacks

While botnets can be an attack in themselves, they are an ideal tool to execute secondary scams and cybercrimes on a massive scale. Common botnet schemes include some of the following:

Distributed Denial of Operations Service (DDoS) — A botnet can be used for a distributed denial of operations service attack, also known as a DDos attack. DDoS attacks aim of this is to destroy the network connectivity and services by overburdening the computational resources or by using up a lot of the bandwidth of the victim.
Keylogging — A keylogger is a computer program that records every keystroke made by a computer user. It is generally used to gain access to passwords and other confidential information. With the help of these programs, a botmaster can retrieve sensitive information and steal data. This could be login details for PayPal or a bank account.
Mass identity theft — Reports suggest this is one of fastest growing crimes online right now. Phishing or spam emails are sent out by bots and they direct traffic to a fake website. This website is made to look like something legitimate, such as a bank account or a social media website. When the unsuspecting user inputs their details their personal information is recorded. The attackers now have access to bank accounts, credit card details, taxes and much much more. Frightening, right?
Botnet vs botnet — Sometimes bots can actually go head to head. Think of it like when the T-1000 battled the T-800 in Terminator 2. Basically one bot might infect a computer that has already been infected by another botnet. It can then be hijacked by the commander.

Is a botnet illegal?

In short. No. Well kinda anyway.

Making the botnet isn’t illegal but what you do with it might be. There are 2 factors that are important in creating and using a botnet legally. As long as

every single device in that botnet belongs to you, or you have explicit permission from the owners
you don’t use the bot net for anything illegal, like DDos attacks

The minute you use them to launch a “Denial of Service” attack on a server, you are no longer playing just with your own toys. There are actually quite a few examples of legal botnets (aside from plain only computer networks in companies). One was used for analysing astronomy data, while another used idle computer resources for investigating protein molecules. These two were effectively screensavers, and only kicked in when the users were not using the devices.

5 notable botnet malware attacks

Here are just five of the most notable botnet attacks in history:

Kraken — This one goes way back. This botnet was discovered all the way back in 2008. Yes, botnets have been around a while! Although it isn’t specifically known just how many infected computers there were, it was definitely pretty colossal. In fact, some have estimated that Kraken infected 10% of all Fortune 500 companies (this is just Fortune magazine’s annual list of the biggest US companies). What set it apart from the rest back then was that it was able to avoid being detected by anti-malware software, even when auto-updated. It is not impossible Kraken could make a return one day.

Mariposa — Also from 2008, Mariposa was a botnet that came from Spain, hence the name which translates to butterfly. It stole millions of dollars from people by discreetly stealing their credit card numbers and financial passwords. The malware was spread through online ads and was able to infect ten million machines! All the cybercriminals that rented the botnet were brought to justice in Spain when a record was found that listed them. Oops!

Methbot — In 2016 Methbot entered the ring. It originated from Russia and used foreign computers and networks in Europe and North America. Cybercriminals were able to use the sophisticated botnet operation to impersonate both websites and visitors in order to steal as much as $5 million in ad revenue per day from publishers.

Mirai — The Mirai malware took advantage of insecure IoT devices in a simple but clever way. It scanned big blocks of the internet for open Telnet ports, then attempted to log in default passwords. In this way, it was able to amass a botnet army of zombie computers. The Mirai botnet was one of the most well DDoS attacks. It was so devastating it left much of the internet inaccessible on the east coast of America. It was eventually taken down by security teams and law enforcement was notified.

3ve — 3ve was a botnet that operated between about 2013 and 2018 and was responsible for mass ad fraud and was able to evade detection for a long time. White ops and security researchers eventually discovered it in 2016 which led to an FBI investigation the following year. 3ve’s has been well documented because it led to several high profile arrests from international law enforcement agencies and sent a warning to those that were thinking of getting involved in ad fraud.

How can you stay protected from botnet attacks?

Like with any threats to your online privacy it is important to stay protected. Stopping a botnet malware from infecting one of your hardware devices will be a mixture of common sense, protective software and being cautious. It really is all about taking preventative measures.

So without further ado, let’s get to what you can do. First of all, you should Improve all of your passwords. No more of this ‘12345’ business please. Having complex passwords will go a long way in helping keep your devices safe. Also, it is a good idea to have different passwords for all your logins. We know this isn’t very realistic for many, that is why we think you should download a simple password manager to do this for you!

Make sure you download the latest software updates for any devices you own. These updates don’t just improve the look and feel,a they also fix vulnerabilities in the operating system.

Stay on the look out for phishing emails. As we talked about earlier, one of the most common ways hackers are able to infect your computer with malware is through disguised email. Don’t click on a link or download an attachment unless you are absolutely sure it is safe to do so. And if you do click that link, don’t input your login username or password! This also applies to instant messages and SMS. If you get a text from an unknown number, chances are it is a scam.

I think I have infected machines

Last, but by no means least, make sure you have anti-virus software installed. Don’t let your devices become zombie computers! If you think you have an infected device, or you are suspicious of botnet activity, you can download our free app today and find out how we can help keep your devices safe from spyware and much much more. We are on Android and iPhone. It is time to be cyber safe!

Don’t forget we are now on Twitter, Facebook and Instagram! Be sure to follow us for security tips and all the latest privacy news.

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.