Have you ever wondered where hackers get resources for mass campaigns? Some malicious online operations can require an army of computers to execute effectively. To launch these attacks, bad actors usually don’t wait for Black Friday computer sales and max out their credit cards on a shopping spree buying hundreds of computers. Instead, they often utilize botnets.
The word botnet is a blend of the words "robot" and "network." Here’s a brief botnet definition: a botnet is a network of computers running bots under the control of a bot herder. Bots are software applications that run automated scripts over a network, while a bot herder is a person controlling and maintaining the botnet.
Are botnets bad?
There is nothing inherently evil about a botnet. Botnets can perform many repetitive tasks. They can allow a bot herder to grow, automate, and speed up operations by accessing more resources from participants. For example, the crowdsourced scientific experiment, SETI@home, is a voluntary botnet in the Search for Extraterrestrial Intelligence (SETI).
Unfortunately, the term botnet has negative connotations because bad actors often use the technology for malicious purposes. Malicious botnets develop through malware distribution. You can think of a malicious botnet like the Borg from Star Trek.
Just as the Borg assimilate individuals into drones for the Collective, computers secretly infected by a botnet agent unwittingly become part of the botnet and report to the bot herder’s command and control servers. From there, the bot herder can use the botnet for some of the following operations:
Mass email spam campaigns
Spam botnets can send over a hundred billion spam messages per day. Some spam generated by botnets is merely a nuisance. However, more dangerous spam botnets can carry out phishing campaigns, distribute malware, spread more bots, and steal sensitive information. You can read about the Emotet botnet to learn more about spam campaigns.
DDoS attacks
Botnets can use your computer’s resources to launch distributed denial-of-service (DDoS) attacks. This type of attack involves sending excessive traffic to a website or service to overwhelm it. Depending on the nature and scale of an organization, a DDoS attack can range from a minor annoyance to permanently damaging.
Fake Internet traffic generation
Ad fraud botnets can use your web browser to send traffic to online advertisements without your consent. The process defrauds marketers by generating fake traffic and earning revenue. Such botnets are hard to notice because they use very few resources.
Remote Desktop Protocol (RDP) attacks
An RDP attack allows hackers to exploit network security flaws and drop malware like ransomware. Cybercriminals can use botnets like GoldBrute to hack RDP servers. RDP attacks are so serious that even the FBI has issued a warning.
Internet of Things (IoT) Attacks
The Internet of Things (IoT) is the system of billions of Internet-connected devices that collect and share data without human intervention for user benefit. For example, a driverless truck that collects and transmits data through sensors is an IoT device. Botnets like the Mirai botnet scan the Internet for Internet of Things devices and infect them.
Additionally, a cybercriminal can use a bot to breach your security and privacy in several ways:
- Monitor your keystrokes
- Steal your login credentials
- Steal your intellectual property
- Steal financial data
- Take advantage of backdoors
Signs your computer could be part of a botnet
A botnet infection is dangerous because its symptoms aren’t always cut and dried. The same symptoms can also result from another type of malware, hardware issues, or software updates. Download Malwarebytes free to scan your computer for malware, and review your security settings if you notice some of the following symptoms, just to be safe:
- Unexplained activity: You notice that your processor, hard drive, or computer fans are running excessively and without cause.
- Slow Internet: Your Internet is slower than usual. You notice that your router is working furiously, but you’re not downloading or uploading anything, nor are you updating software.
- Slow reboots and shutdowns: Malicious software can cause a computer to shut down slowly. For example, if your computer is actively participating in a botnet, it may take time to shut down.
- Applications are crashing: Programs that loaded and ran seamlessly before are buggy now.
- Excessive RAM usage: Botnets can consume memory. Check to see if a mysterious application is using a large percentage of your RAM.
- Mysterious emails: People on your contact list complain that you sent them spam or malicious emails.
- Unsafe habits: You haven’t downloaded critical security patches for your operating system, or you opened malicious links, downloaded unsafe software, or went to an unsafe website.
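
One way to check the "router is working furiously" symptom against network data, as an added example that is not part of the original article: the script counts how many distinct destinations each local device contacts on ports tied to the operations described above. The log format, addresses, port list, window and threshold are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed watch list: ports matching the operations described in the article.
WATCHED_PORTS = {25: "SMTP (spam)", 23: "Telnet (IoT scanning)", 3389: "RDP"}

def constructed_sample():
    """Constructed flow records (not real traffic): 'time source destination port'."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    at = lambda **kw: (base + timedelta(**kw)).isoformat()
    lines = [f"{at(seconds=i)} 192.168.1.20 198.51.100.7 443" for i in range(30)]
    lines.append(f"{at()} 192.168.1.20 198.51.100.25 25")  # one normal mail submission
    # Camera: Telnet to 40 different addresses within 40 seconds.
    lines += [f"{at(seconds=i)} 192.168.1.50 203.0.113.{i + 1} 23" for i in range(40)]
    # Desktop: SMTP to 25 different addresses, one per minute.
    lines += [f"{at(minutes=i)} 192.168.1.30 203.0.113.{i + 100} 25" for i in range(25)]
    return lines

def find_fanout(lines, window=timedelta(seconds=60), threshold=20):
    """Return {(source, port): peak distinct destinations in any window} for offenders."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        if int(port) in WATCHED_PORTS:
            events[(src, int(port))].append((datetime.fromisoformat(ts), dst))
    alerts = {}
    for key, seen in events.items():
        seen.sort()
        start = peak = 0
        for end in range(len(seen)):
            # Slide the window start forward until it spans at most `window`.
            while seen[end][0] - seen[start][0] > window:
                start += 1
            peak = max(peak, len({dst for _, dst in seen[start:end + 1]}))
        if peak >= threshold:
            alerts[key] = peak
    return alerts

if __name__ == "__main__":
    for (src, port), peak in find_fanout(constructed_sample()).items():
        print(f"{src}: {peak} distinct hosts on port {port} ({WATCHED_PORTS[port]})")
```

The desktop that contacts one new mail server per minute stays under the default threshold, so a low-volume bot only surfaces with a longer window or a lower threshold.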