Term of the Week: Botnet

What is it?

A network of computers that have been infected by a malicious software program -- a bot -- which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.

Why is it important?

Cybercriminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.

Why does a business professional need to know this?

Cyberattacks using botnets are on the rise. On October 21, 2016, top internet websites were not accessible for most of the day due to a Distributed Denial of Service (DDoS) attack caused by the Mirai botnet (Hilton 2016). The Mirai botnet attacked the managed Domain Name System (DNS) infrastructure of the internet infrastructure firm Dyn. The attack stopped after it was mitigated by Dyn’s engineering and operations team. Dyn estimated there were at least 100,000 Mirai zombies used in the attack.

A computer can be infected by a bot when an end user clicks on a link or opens an attachment that contains the bot. Another method of infection is when a bot exploits a vulnerability in the computer software.

Zombie machines are controlled by a cybercriminal called a bot-master or a bot-herder. The bot-master sends instructions to the zombies through a command-and-control center.

A cybercriminal can use a botnet in many ways, including the following:

  • To launch large-scale DDoS attacks, rendering the target unavailable until the cybercriminal stops the attack or traffic to the target is sanitized and normal operations are restored
  • To store illegal content on zombie computers
  • To steal data such as credit card numbers, bank credentials, and other sensitive information from zombie machines
  • To send spam, viruses, phishing email, and spyware
  • To execute click fraud, by repeatedly clicking on ads to generate fraudulent hits

Possible symptoms of a bot infection include: slow internet connection, low system performance, system crash, or mysterious messages. Antivirus software can often detect the existence of a bot, remove it, and restore normal operations.

To prevent computers, tablets, smartphones, and other devices from being infected by a bot (or any malicious software), install an antivirus program, educate end users about the risk associated with clicking on URL links or opening attachments from untrusted sources, install patches as soon as they are released, and set up the system to automatically install updates.

References

About Tolu Onireti

Tolu Onireti is a cybersecurity consultant. She has more than 10 years of cybersecurity experience in secure development lifecycles, management, and implementation of cybersecurity programs. She holds a master of science in telecommunication engineering and a bachelor of science in electrical and electronics engineering. Tolu has also worked at Cisco Systems, IBM, and Solutionary (NTT Security). She holds Certified Information Systems Security Professional (CISSP), Project Management Professional (PMP), and CompTIA Security+ certifications.

Term: Botnet

Email: Tonireti@gmail.com

Twitter: @tolutop

LinkedIn: linkedin.com/in/tolu-onireti-pmp-cissp-comptia-security-a835644
