Botnets are, effectively, groups of computers that are infected with malicious software. A threat operator can remotely control all the devices in the botnet, harnessing their combined computing power. Malicious activities carried out by botnets include sending a high volume of spam messages, conducting Distributed Denial of Service (DDoS) attacks, generating bogus website traffic and coercing users to make a payment to be disconnected from the botnet.

In this blog, we’ll put botnets under the microscope and examine how they are created and how hackers and other malicious actors put them to use against enterprises and institutions.

How botnets begin

To conduct large-scale attacks and disruption, the controller of a botnet (sometimes called a bit herder or botmaster) will begin by creating malware that enables them to take control of a host computer remotely and discreetly. Once developed, they must get hundreds, thousands and sometimes even millions of users to install the malware on their personal computer.

Usually, hackers will achieve this via malware known as a Trojan. Named after the Ancient Greek legend of the wooden horse that led to the fall of Troy, this malicious software disguises itself as a useful app or harmless digital file. Unaware of the consequences, users are fooled into installing it on their device.

This can happen in many ways. It may be a seemingly benign attachment on an email from an unknown sender and, once downloaded, the malware is dropped on the device. It may also arrive as a pop-up ad warning that a device is infected with a virus. If clicked on to resolve the issue, the malware is downloaded and installed. Another route for infection is when enterprises download software from an untrustworthy site and receive botnet malware instead of the app they are after.

As soon as the malware is installed, the attacker is sent a notification and the device becomes part of their botnet and can be remote controlled.

What are botnets used for?

Once created, the potential for malicious activity is almost endless. Perhaps the most common use for botnets is to execute DDoS attacks.

There are multiple forms of this attack, but hackers generally use botnets to transmit a massive wave of data requests or web traffic to an app, website or server. When the system becomes overwhelmed by the influx of activity, it will typically be knocked offline.

DDoS strikes are commonly aimed at rival businesses, to take down specific web content related to terrorism, politics or journalism, or to cause disruption of important services. Today, mercenary botnets are often rented out for use by other threat operators and sometimes sold to the highest bidder. As a rule, they are exceptionally difficult to detect without stringent antivirus software.

If you are looking for a secure workspace for your employees, at Galaxkey, we can help. Our system has zero backdoors for hackers to gain a foothold on your network and no passwords are ever stored. Contact us today for a free 14-day trial.