BrowserStack: "We did get hacked."

The Facts about Botnets

What is a botnet?

Although not malware themselves and originally even designed to be helpful, botnets are currently considered the biggest threat on the internet.

By definition a botnet is a herd of slave computers, often referred to as zombies, that are under control of a botnet operator that runs or controls the C&C (command and control) server(s). Botnets are being used for multiple tasks including: denial-of-service attacks ( DDOS ) , spreading spam, bitcoin mining, clickfraud and stealing personal and financial information. They also distribute malware, including the kind that can turn your computer into a zombie in order to make the botnet grow.

How do they make money?

Most botnets are for hire, which means if you have enough bitcoins and know where to find them maybe you can hire a botnet.

These botnets-for-hire make it difficult to define what any specific botnet is intended to do, as that goal may change depending on the highest bidder. This is also the reason why most have several non-related goals. Some like the so-called Bedep botnet only host malware as a download source for an exploit kit. Others like the Kovter botnet seem to specialize in ransomware.


“Botnet” by Tom-b – Own work. Licensed under CC BY-SA 3.0 via Wikimedia Commons.

Could I be part of one?

Since reportedly many millions of computers are being used as zombies, there is that chance.

Most of these computers are home systems. Tell tale signs: your computer is extremely slow at times, your internet connection is slow (or seems to be, because it is being used to send spam) and you regularly find Trojans on your computer when performing a scan. “Scrumping” is the term sometimes used for the stealing of resources from an infected computer by a botnet.

Computer owners often fail to use effective firewalls and other safety measures. It certainly can’t hurt to check if your computer is not enlisted in an army whose goals conflict with your own.

How can I get out?

Scan your computer for malware, for example with Malwarebytes Anti-Malware and review your security software and settings.

What is being done against these botnets?

  1. There are private (MalwareMustDie) and business (Microsoft Digital Crimes Unit) initiatives that cooperate with (inter)national law enforcement agencies like the FBI and Interpol in, sometimes successful, attempts to take down or dismantle botnets.
  2. There is also an international conference held yearly called Botconf.
  3. There are web-filtering services that monitor for unusual or know malicious behavior, which notify Website operators and ISPs when malware has been discovered, so hacked servers can be cleaned up or taken offline. At Malwarebytes our researchers habitually report hacked sites and servers, as I’m sure other security companies do as well.
  4. ATLAS maintains a real-time database of malicious botnet command and control servers that is continuously updated.

But the times, when you could simply bring down a whole botnet by seizing the C& C server, are behind us. Nowadays the botnet operators utilize a range of C&C servers or even p2p networks to control their bots.

Some botnets you might have heard of

The botnets listed below had their 15 minutes of fame for various reasons.

  • Koobface is a botnet that for the biggest part relies on social engineering (Facebook) in order to spread. Koobface is typically used for data theft.
  • Zeus did not limit itself to Windows computers, but it had a component that stole online banking codes from several mobile devices running Symbian, Windows Mobile, Android and Blackberry.
  • Windigo is a spam-botnet that focuses primarily on Unix servers.
  • The Flashback botnet however, focuses on Macs.
  • The ASProx botnet became famous for compromising the Sony PlayStation website in order to spread their payload.
  • The Sefnit botnet made headlines when it took over the Tor network almost overnight and left all its users open to further infections.
  • Gameover Zeus has been used for the distribution of the CryptoLocker ransomware.
  • The Conficker botnet managed to infect millions of computers in over 200 countries in a relatively short period. These included government and large businesses systems.
  • Kovter is known to spread a great deal of ransomware like the one responsible for the recent suicide of a teenager that fell victim.


Summary: botnets are currently one of the worst threats on the internet. They try to use our computers to do their dirty work for them. Don’t let them! Save yourself the hassle and get protected.


Recommended reading:

Digital Detectives

Top 5 Scariest Zombie Botnets

Krebs interviews 0x80 botnet operator in 2006

FBI: taking down botnets


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.