A botnet is a collection of internet-connected devices, each running one or more bots. The bots can be PCs, servers, mobile phones, or Internet of Things devices that have been infected with, and are controlled by, the same malware. The word "botnet" is a combination of "robot" and "network" and is used with a malicious connotation.
Botnets are used to perform DDoS attacks, steal data, send spam, and give the attacker access to the device and its network connection. A botnet is controlled using command and control (C&C) software. Users typically cannot tell that a bot is present on their systems.
Botnets work on two kinds of models:
Client-server model: This was used by the first botnets to complete their tasks. The bot herder who controls the botnet sends commands to the server, which forwards them to the clients. The clients execute them and send the results back to the bot herder. In the case of IRC (Internet Relay Chat) botnets, clients connect to the malicious IRC server and join the channel the bot herder has set up for C&C. When a client receives commands via IRC, it executes them and sends back the results.
Peer-to-peer model: Newer botnets use P2P networks rather than a centralized C&C server. Here, any bot that has access to the private digital key can control the botnet. To make contact with other infected machines, a bot continuously probes random IP addresses. A contacted bot replies with information such as its software version and its list of known bots. If one of the bots has a lower version, they initiate a file transfer to update it. In this way, each bot's list of infected machines grows.
This approach is more common these days because criminal groups use it to avoid detection by cybersecurity vendors.
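The peer-to-peer model described above leaves a network footprint a defender can look for: a bot probing random addresses talks to many distinct destinations, and most of those probes go unanswered. The following is an added example (not code from the original article) of that detection heuristic run over constructed flow records; the addresses, ports and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed flow records: (src_ip, dst_ip, dst_port, reply_bytes).
# reply_bytes == 0 means the destination never answered, which is what probing
# random addresses that are not infected (or not in use) looks like.
# All addresses are taken from the RFC 5737 documentation ranges (assumption).
def build_sample_flows():
    flows = []
    # 192.0.2.10 behaves like a P2P bot: 60 distinct, scattered destinations,
    # one fixed high port, and four out of five probes unanswered.
    for i in range(60):
        dst = f"203.0.113.{(i * 37) % 254 + 1}"
        flows.append(("192.0.2.10", dst, 16464, 312 if i % 5 == 0 else 0))
    # 192.0.2.20 behaves like a workstation: a few servers, all answering.
    servers = ["198.51.100.5", "198.51.100.6", "198.51.100.7"]
    for i in range(60):
        flows.append(("192.0.2.20", servers[i % 3], 443 if i % 2 else 80, 1500))
    return flows


def per_source_stats(flows):
    """Aggregate outbound flows per source host."""
    stats = defaultdict(lambda: {"total": 0, "unanswered": 0, "dsts": set()})
    for src, dst, _port, reply_bytes in flows:
        s = stats[src]
        s["total"] += 1
        s["dsts"].add(dst)
        if reply_bytes == 0:
            s["unanswered"] += 1
    return stats


def flag_peer_probing(flows, min_distinct_dsts=20, min_unanswered_ratio=0.5):
    """Return {src_ip: (distinct_destinations, unanswered_ratio)} for hosts whose
    outbound pattern matches random peer probing: many distinct destinations
    and a majority of connection attempts that never get a reply."""
    flagged = {}
    for src, s in per_source_stats(flows).items():
        ratio = s["unanswered"] / s["total"]
        if len(s["dsts"]) >= min_distinct_dsts and ratio >= min_unanswered_ratio:
            flagged[src] = (len(s["dsts"]), round(ratio, 2))
    return flagged


if __name__ == "__main__":
    for host, (dsts, ratio) in flag_peer_probing(build_sample_flows()).items():
        print(f"{host}: {dsts} distinct destinations, {ratio:.0%} unanswered")
```

Real deployments would feed NetFlow or firewall logs into the same aggregation and tune the thresholds against the baseline of the monitored network.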
Some notable botnets detected in the past include:
Zeus malware, which uses Trojan horse programs to infect devices.
The Srizbi botnet (also known as the Ron Paul spam botnet), responsible for large volumes of e-mail spam in 2007.
Gameover Zeus, which used a peer-to-peer network approach.
Methbot, found in 2016 to be committing ad fraud, generating $3 million to $5 million daily through fake clicks on online ads.
Mirai, which used a C&C network to infect poorly secured devices.
How to prevent botnet attacks?
Botnet malware has become more difficult to stop: it is more sophisticated and uses a decentralized approach to commit crime rather than a centralized C&C server, which was easier to detect. Malware like Mirai targets routers and IoT devices with weak passwords, which are easy to compromise.