What is it?
A network of computers that have been infected by a malicious software program -- a bot -- which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.
Why is it important?
Cyber criminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.
Why does a business professional need to know this?
Cyberattacks using botnets are on the rise. On October 21, 2016, top internet websites were not accessible for most of the day due to a Distributed Denial of Service (DDoS) attack caused by the Mirai botnet(Hilton 2016). The Mirai botnet attacked the managed domain name server (DNS) infrastructure of the internet infrastructure firm Dyn. The attack stopped after it was mitigated by Dyn’s engineering and operations team. Dyn estimated there were at least 100,000 Mirai zombies used in the attack.
A computer can be infected by a bot when an end user clicks on a link or opens an attachment that contains the bot. Another method of infection is when a bot exploits a vulnerability in the computer software.
Zombie machines are controlled by a cybercriminal called a bot-master or a bot-herder. The bot-master sends instructions to the zombies through a command-and-control center.
A cybercriminal can use a botnet in many ways, including the following:
- To launch large-scale DDoS attacks, rendering the target unavailable until the cyber criminal stops the attack or traffic to the target is sanitized and normal operations restored
- To store illegal content on zombie computers
- To steal data such as credit card numbers, bank credentials, and other sensitive information from zombie machines
- To send spam, viruses, phishing email, and spyware
- To execute click fraud, by repeatedly clicking on ads to generate fraudulent hits
Possible symptoms of a bot infection include: slow internet connection, low system performance, system crash, or mysterious messages. Antivirus software can often detect the existence of a bot, remove it, and restore normal operations.
To prevent computers tablets, smartphones, and other devices from being infected by a bot (or any malicious software), install an antivirus program, educate end users of the risk associated with clicking on URL links or opening attachments from untrusted sources, install patches as soon as they are released, and setup the system to automatically install updates.
- (Washington State) Botnet facts: Washington State Attorney General. An introduction to botnets, including practical advice on preventing infection and removing malware.
- (Symantec) Bots and Botnets - A growing threat: Symantec. An introduction to botnets and advice on protecting networks from infection.
- (Scoudis 2007) What are the best bot detection tools?: Skoudis, Ed (2007). TechTarget Security. Introduction to anti-malware tools with a discussion about signature and heuristic detection techniques.
- (Hilton 2016) Botnet in the news - Dyn Analysis summary of Friday October 21st attack: Hilton, Scott (2016). Analysis of Distributed Denial of Service attack sustained by cloud infrastructure company, Dyn.
- (Gheorghe 2016) Inside the Million-Machine Clickfraud Botnet: Gheorghe, Alexandra (2016). Bitdefender Labs. An introduction to malware and click fraud.