{"id":309,"date":"2023-04-11T07:39:24","date_gmt":"2023-04-11T07:39:24","guid":{"rendered":"https:\/\/dataprot.net\/?p=309"},"modified":"2023-07-14T06:57:42","modified_gmt":"2023-07-14T06:57:42","slug":"what-is-botnet","status":"publish","type":"post","link":"https:\/\/dataprot.net\/articles\/what-is-botnet\/","title":{"rendered":"What is a Botnet? | Cyberattack Technique Explained"},"content":{"rendered":"\n
With the recent string of high-profile attacks, ransomware has taken center stage when it comes to malware. However, that doesn\u2019t mean that other forms and methods of cyber attacks have stopped being a threat. Some are still very actively used and dangerous, even though they might not carry the aura of infamy and notoriety they once did.<\/p>\n\n\n\n
One of those is botnets, which are responsible for a whole range of different types of attacks.<\/p>\n\n\n\n
So, what is a botnet? The short botnet definition would go like this: an interconnected network of malware-infected devices used to conduct cybercriminal activity.<\/p>\n\n\n\n
There are multiple types of botnets, and they can be used for various purposes. Let\u2019s take a closer look at how this pervasive form of malware functions.<\/p>\n\n\n\n
The term botnet is derived from the words \u201crobot\u201d and \u201cnetwork.\u201d The reason why \u201crobot\u201d is part of the name is that botnet attacks are automated, with computers in the botnet automatically performing issued commands. Botnets work by infecting computers and other internet-connected devices, with each afflicted device being added to the network.<\/p>\n\n\n\n
The initial devices added to the botnet can be infected through any form of traditional malware planting. Hackers can do it through email, by exploiting software vulnerabilities or weaknesses in cyber security, and so forth. Once a botnet collective has been formed, it can \u201crecruit\u201d more devices into the \u201crobot\u201d network.<\/p>\n\n\n\n
Owners of infected devices are largely unaware that their computer is part of a botnet. This is why computers in the botnet are often referred to as the \u201czombie army\u201d \u2013 they become unwitting servants to someone with nefarious plans. Instead of brains, they look for more devices to infect, though.<\/p>\n\n\n\n
Owners of bot networks are called \u201cbot herders\u201d or \u201cbotmasters.\u201d A bot herder controls the botnet remotely through command and control (C&C or C2) servers. Through a botnet server, the herder can issue commands to the network, which each affected zombie computer has to follow.<\/p>\n\n\n\n
The methods of issuing commands can differ between hackers. One of the most commonly used ways in the past was through IRC channels. Once infected, devices would be forced to join a designated IRC channel automatically. The bot creator would then use that channel to send and disseminate commands, telling devices the things they need to do.<\/p>\n\n\n\n
This method of sending commands through IRC channels falls into the category of centralized botnets (also referred to as client-server botnets). A centralized botnet structure functions by the bot herder sending instructions to each zombie device directly.<\/p>\n\n\n\n
While easier to set up, centralized botnets also make it much easier for government agencies and cybersecurity companies to determine the botnet owner. Hence, the majority of cybercriminals<\/a> today favor the decentralized botnet structure.<\/p>\n\n\n\n
In a decentralized, peer-to-peer botnet, the bot herder can send the command to any infected device in the network, which can number in the thousands. The initial command recipient then automatically disseminates the instructions to the rest of the botnet.<\/p>\n\n\n\n
As you might assume, this makes it much harder for anyone to track down where the botnet commands originate, and thus more difficult to shut down the network or prosecute its creator.<\/p>\n\n\n\n
One of the most well-known botnets, Zeus<\/a>, switched from a centralized to a decentralized model to continue its operations. Zeus, or Zbot, is a particularly insidious botnet that came into existence sometime during 2007.<\/p>\n\n\n\n
Zeus was one of the most widespread botnets in history, with its network numbering 3.6 million bots in 2009. It was used to steal financial information from its targets while adding more devices into the botnet.<\/p>\n\n\n\n
When the operations of the Zeus botnet were disrupted in 2010, it found new life under the name GameOver Zeus<\/a>, switching to a decentralized botnet model instead of a centralized one. Thanks to these adaptations, Zeus and its various offshoots plague us to this day.<\/p>\n\n\n\n