What Are Botnets? Botnet Attacks Explained


Botnets (derived from “robot networks”) are networks of computers or devices that have been compromised by malware and are under the control of a remote attacker (often called a botmaster or bot herder).

Bad actors can launch malicious attacks like distributed denial-of-service (DDoS), credential theft, service disruption, spam campaigns, or click fraud, or use botnets to gain unauthorized access to critical systems. Many of these could crash or cripple an organization’s IT infrastructure.

How do botnet attacks work?

A botnet attack begins when a malicious actor infects multiple computers with malware and takes control of them (zombie devices or bots). Together these bots form a network of compromised computers. The bot herder (or bot master) uses them to launch attacks on enterprise networks, such as sending spam, stealing sensitive data, or even crashing websites.

The bot herder uses a command-and-control (C&C) server to communicate with the zombie or bot computers—the infected computers that make up the botnet—and issue commands, allowing the attacker to coordinate the actions of the botnet and direct its resources toward a specific target.

Command-and-control servers in botnet attacks

There are two types of C&C architectures: centralized and decentralized. Both can be used to run a botnet, but the approach is different.

Centralized: Client-server model

On a centralized C&C server, the bot herder and bots are connected to the same central hub for communication and commands. The bot herder issues commands to the bots, and they respond by sending back information or executing the commands. 

This makes the C&C server a single point of failure, which can be taken down by law enforcement or security researchers.

Decentralized: Peer-to-peer (P2P) model

This model requires each infected device to communicate directly with other bots, and the bot herder can issue commands to the entire botnet or specific bots through a single bot. 

This type of C&C server has no single point of failure, making it more difficult for defenders to shut down.
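Whether the C&C is centralized or peer-to-peer, infected hosts typically "beacon" to it at a regular interval to fetch commands, and that regularity is something defenders can look for in outbound connection logs. The following is an added example, not code from the article: it groups constructed firewall log lines by (source, destination, port) and flags flows whose inter-connection gaps are both frequent and nearly constant. The log format, the IP addresses (RFC 5737 documentation ranges) and the thresholds are assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines (not real traffic). 10.0.0.5 polls 203.0.113.7
# roughly every five minutes with small jitter; 198.51.100.20 is ordinary browsing.
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:00:12 src=10.0.0.5 dst=198.51.100.20 dport=443
2024-03-01T10:05:02 src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:09:58 src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:15:01 src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:17:33 src=10.0.0.5 dst=198.51.100.20 dport=443
2024-03-01T10:20:00 src=10.0.0.5 dst=203.0.113.7 dport=443
2024-03-01T10:41:09 src=10.0.0.5 dst=198.51.100.20 dport=443
"""

# Assumed log line layout: ISO timestamp, then src=, dst=, dport= fields.
LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+) dport=(\d+)$")


def parse(log):
    """Group connection timestamps by (src, dst, dport); skip malformed lines."""
    flows = defaultdict(list)
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, dst, port = m.groups()
        flows[(src, dst, int(port))].append(datetime.fromisoformat(ts))
    return flows


def beacon_candidates(log, min_events=4, max_cv=0.1):
    """Return flows whose gaps between connections are nearly constant.

    cv is the coefficient of variation (stddev / mean) of the gaps; a low cv
    means a fixed polling interval even when the bot adds a little jitter.
    """
    out = []
    for (src, dst, port), times in parse(log).items():
        if len(times) < min_events:
            continue  # too few events to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0
        if cv <= max_cv:
            out.append({"src": src, "dst": dst, "dport": port,
                        "count": len(times), "interval_s": round(avg), "cv": round(cv, 3)})
    return out
```

Legitimate software (update checks, monitoring agents) also polls on a schedule, so a hit is a lead for triage against allow-lists and threat intelligence, not a verdict on its own.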

Stages of building a botnet

There are three stages of building a botnet: prepare…

Source…