What is a Botnet?

A botnet is a network of compromised devices created to launch an attack by sending a massive amount of traffic to a target server. A bot is any digital device that is entirely under the control of an attacker (the “botmaster”) without its owner’s knowledge. It does anything the botmaster commands, such as spam other computers, spread fake news, or bombard a server with random data.

With a botnet, an attacker can send out a torrent of spam, for example, that is more devastating than what a single device can manage. A botnet attack relies on an overwhelming number of bots to cause as much damage to the target as possible.

Think of it this way: If you get stung by a single bee, it will definitely hurt. But if you get stung by an entire swarm of them, it could be fatal.

Other interesting terms…

• What is Digital Forensics?
• What is a Rainbow Table Attack?

Read More about a “Botnet”

Any device that becomes part of a botnet turns into a component of a hive. That device typically gets infected with malware via vulnerability exploitation, a drive-by download, or clicking a malicious link or downloading an attachment in a spam email. The malware allows the botmaster to take complete command and control of all infected devices.

What can Botnets Do?

Some of the threats botnets figure in include:

• Distributed denial-of-service (DDoS) attacks where bots send tons of traffic to take a target website offline; Mirai, the first Internet of Things (IoT) botnet, which was responsible for taking OVH and Dyn offline, is an example of this
• Send spam emails to millions of users anywhere in the world in one go; the Cutwail botnet, for instance, is capable of sending as many as 74 billion emails in one day
• Hike a website’s Internet traffic for financial gain
• Run pop-up ads on target sites then ask their owners for payment for removing the infection
• Distribute malware to as many systems as possible; the ZeuS botnet, which allowed its owner to amass millions of dollars from victims for years, is an example of this

The First Botnets

Today, botnets are essentially attackers’ troves of workhorses due to their ability to perform tedious tasks without much effort on the bot master’s part. But bots didn’t start as threat enablers. The first bots, in fact, kept Internet Relay Chat (IRC) servers alive even if the members (real people) of a chat group become inactive.

Three of the oldest bots were made by Jyrki Alakuijala (known as “Puppe”), Greg Lindahl (called “Game Manager”), and Bill Wisner (dubbed “Bartender”). Due to their success, bots later served as crawlers for search engines. WebCrawler, developed in 1994, was the first bot used to index web pages. AOL used it in 1995 before Excite bought it in 1997. But probably the most famous Internet crawler is Googlebot, which was initially called “BackRub” when it was made in 1996.

The first malicious botnets, meanwhile, were Sub7 (a Trojan) and Pretty Park (a worm), which were designed to attack IRC users in 1999.

Protection against Botnets

In general, most bot owners do not know that their computers have been compromised to become part of a botnet. That said, everyone must take the utmost care to avoid infection. Some of the ways they can do so include:

• Installing a cybersecurity solution that can detect and prevent malware installation
• Regularly updating one’s operating system (OS) to patch vulnerabilities that botmasters can exploit
• Avoid downloading spam attachments or clicking links embedded in emails from unknown sources
• Using a firewall when browsing the Internet
• Accessing only reputable websites for news and information

Keep in mind that hackers always target the vulnerable. Strengthening your computer’s defenses can prevent it from becoming part of any botnet.

Key Takeaways

• Botnets are collections of bots or automated programs malicious actors use to attack their target.
• Botnets rely on an overwhelming number of bots to cause as much damage to the target as possible.
• Devices become part of a botnet when they get infected with malware via vulnerability exploitation, a drive-by download, or downloading a malicious email attachment.
• Botnets can be used to perform malicious activities, including DDoS attacks, sending spam emails, displaying pop-up ads, and distributing malware.
• The first bots were used to keep IRC servers alive when users became inactive.
• Sub7 and Pretty Park were the first malicious botnets created in 1999.
• To protect against botnets, use a cybersecurity solution, keep your OS updated, avoid downloading and clicking suspicious email attachments or links, and use a firewall when browsing the Internet.