A prevalent menace on the cybercrime landscape, botnets consist of multiple internet-connected devices. Servers, personal computers (PCs), mobile phones, tablets and even internet of things (IoT) devices are all instances of the type of equipment enslaved by botnets. Individual devices are infected, allowing them to be controlled by malware, and in most cases their owner is entirely oblivious to this activity.

The infected devices are remotely controlled by threat operators, who are often cybercriminals. The compromised computers are then used to perform specific functions, while their malicious operations are kept well hidden from users.

Botnets are typically used to send out spam emails, to engage in click-fraud campaigns and to generate malevolent traffic in distributed denial-of-service (DDoS) style attacks.

How does a botnet work?

The name botnet was created by combining the words network and robot. The term “bot” refers to the user device that has been infected with malicious code. The bot then becomes part of a dedicated network or “net” of enslaved machines, all under the control of a single threat operator or a cybercriminal gang. Those in command of botnets may be known as bot controllers, bot herders or bot masters.

Botnet malware usually seeks out devices on the internet that have vulnerable endpoints instead of targeting particular industries, firms, and individuals.

The aim of building a botnet is typically to infect as many interconnected computers and other devices as possible and to utilise the combined functionality and computing power of all captured devices to execute automated tasks that largely remain hidden to device users.

Example of a botnet in action

An ad fraud botnet is an ideal example. This type of botnet will infect a user’s PC with malware that employs the system’s web browsers to redirect fraudulent traffic to specific online advertisements. To remain concealed, however, the botnet does not take total control of the web browser or operating system (OS), as such activity would alert the device user.

Instead, botnets will often use just a portion of the processing power supplied by a browser or OS. Running quietly in the background, they send an almost unnoticeable amount of internet traffic from the compromised PC to the targeted ads.

On its own, the fraction of bandwidth stolen from a single device can’t offer much power to the threat operators running the fraudulent campaign. When that device is part of a botnet involving millions of zombies, however, a massive volume of fake traffic can be generated.
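Why per-device monitoring misses this pattern, shown as an added example that is not part of the original article: the sketch below compares a per-host volume alert with a fleet-wide view over a constructed proxy log. The log format, host addresses, destinations and all three thresholds are assumptions chosen for illustration, and a flagged destination is a lead for review rather than proof of infection.

```python
from collections import defaultdict
from statistics import mean, pstdev

PER_HOST_LIMIT = 25  # assumed per-host alert threshold (requests per window)
MIN_FAN_IN = 20      # assumed: distinct hosts before a destination is reviewed
MAX_JITTER = 0.1     # assumed: gap variation (stdev/mean) treated as machine-like

def build_sample_log():
    """Constructed proxy log of (epoch_seconds, internal_host, destination)."""
    log = []
    # 40 hosts each hit the same ad click URL 6 times, exactly 600 s apart.
    for h in range(40):
        for i in range(6):
            log.append((1000 + h * 7 + i * 600, f"10.0.0.{h + 1}",
                        "ads.example/click?id=77"))
    # One person browsing a news site: more requests, irregular timing.
    t = 1000
    for gap in [3, 40, 5, 120, 9, 300, 2, 60, 15, 200] * 3:
        t += gap
        log.append((t, "10.0.1.50", "news.example/"))
    return log

def per_host_alerts(log):
    """Classic volume check: flags hosts whose request count exceeds the limit."""
    counts = defaultdict(int)
    for _, host, _ in log:
        counts[host] += 1
    return sorted(h for h, c in counts.items() if c > PER_HOST_LIMIT)

def fleet_view(log):
    """Flags destinations that many hosts contact at near-constant intervals."""
    times = defaultdict(lambda: defaultdict(list))
    for ts, host, dest in log:
        times[dest][host].append(ts)
    flagged = []
    for dest, hosts in times.items():
        if len(hosts) < MIN_FAN_IN:
            continue
        jitter = []
        for stamps in hosts.values():
            stamps.sort()
            gaps = [b - a for a, b in zip(stamps, stamps[1:])]
            if len(gaps) >= 2 and mean(gaps) > 0:
                jitter.append(pstdev(gaps) / mean(gaps))
        if jitter and mean(jitter) <= MAX_JITTER:
            flagged.append((dest, len(hosts), sum(len(s) for s in hosts.values())))
    return flagged
```

On the sample log the per-host check raises only the busy human browser, while the fleet view surfaces the ad URL that 40 quiet hosts contact on a fixed schedule.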

A botnet infection will commonly spread via insidious software solutions such as spyware and malware. Botnet malware is usually engineered to automatically scan both devices and systems for common vulnerabilities that firms have failed to patch, leaving them open to attack.

Keep your systems safe from attack

At Galaxkey, we recommend that all apps, software, and operating systems used by your business are updated as soon as new versions become available. Our secure workspace offers enterprises additional protection from attacks, with zero backdoors for hackers to exploit and cutting-edge encryption. Contact us today for a free trial.