A botnet or robot network is a group of ‘bots’ or ‘zombie computers’ that run a computer application that is remotely-controlled and manipulated by the owner or the software source. Botnets may be legitimate networks of several computers that share program processing amongst them, or most often, groups of computers infected with malware, which present a security threat to the owner and others online. Once malware is installed on a computer, often without the user’s knowledge, the computer becomes a ‘zombie’ or a ‘drone’, unable to resist the control of the ‘bot controller’. In this type of cases anti malware software or anti virus protection
is necessary to be enabled.
Botnets vary in size and complexity - a large botnet may have ten thousand individual ‘zombies’, whereas a small botnet could have only a thousand ‘drones’. Occasionally enormous botnets are discovered – in July 2010, the FBI arrested a 23-year old Slovenian held responsible for the malicious software that integrated an estimated 12 million computers into a botnet. There are various types of malicious bots online. Some can infect other computers in the same fashion as viruses – while smaller, less sophisticated bots can’t.
A botnet can be used for a variety of malicious purposes including:
Denial of Service Attacks
A botnet can be used to launch an attack on a network or a computer system to disrupt service by hijacking the connection or consuming the victim network's bandwidth and overloading system resources. Denial of Service Attacks (DoS) can also be used to damage or take down a business competitor's website.
Spamming and Traffic Monitoring
A botnet can also take advantage of an infected computer's TCP/ IP's protocol for networking applications. It can use it in conjunction with other zombies in the botnet to harvest e-mail addresses or send huge quantities of spam or phishing e-mails.
To perform traffic monitoring, a bot can also function as a ‘packet sniffer’ to find and intercept sensitive information passing through an infected machine. Typically these bots look out for usernames and passwords which the botnet controller can then exploit.
Keylogging and Mass Identity Theft
Encryption software within users’ computers is designed to deter most bots from harvesting any real information. Unfortunately, bots have adapted to subvert this protection and install keylogger programs in infected machines. With a keylogger, the bot controller can use a filtering program to gather key sequences typed before or after keywords like “PayPal” or “Hotmail” to record passwords.
Bots may be used as agents for mass identity theft by instigating phishing e-mail campaigns in an attempt to trick users into volunteering personal information and passwords.
Botnets can also be used to spread and propagate other bots in the network by duping users into downloading malware which is then remotely executed through file transfer, the web or e-mail.
By automating clicks on a pay-per-click system, botnets can be used for financial gain. Zombies can be manipulated to automatically click on a site upon activation of a browser, to earn money from pay-per-click systems by artificially increasing the click counter of an advertisement.
What is a worm?
What is a rootkit?
What is a keylogger?
What is ransomware?
What is spam?
What is a Trojan horse?