A botnet is a collection of networked computers which work together to complete tasks. These tasks are usually repetitive in nature, or are otherwise structured to best take advantage of distributed computing resources. While some botnets are used for legitimate purposes, many are designed for malicious uses.
Malicious or illegal botnets are at the heart of many high-profile hacking incidents, such as the distributed denial-of-service attack which targeted Sony’s PlayStation Network in 2014. They are also used to distribute e-mail spam, to generate false clicks on advertising networks, and to hide other malicious activity, for instance by routing an attacker’s traffic through infected machines so that it appears to come from innocent victims. Illegal botnets are big business, stealing computing resources and bandwidth from legitimate owners and turning them into profits for malicious hackers.
How Botnets Work
Most illegal botnets recruit member machines by tricking their users into executing malicious code. This code may be delivered by a web page that exploits a flaw in the user’s browser or one of its plug-ins (a “drive-by download”), or it may run as part of a “Trojan horse” program which masquerades as legitimate software while infecting the computer. Some botnets need no user interaction at all: they scan the Internet for hosts exposing a vulnerable service or a default password and infect those directly.
Once these computers are compromised, they reach out to a central “command-and-control” server to receive further instructions. Usually, this means downloading and installing additional software behind the user’s back. Once installed, this software gives hackers total control over the machine, allowing them to execute whatever commands they wish.
Because relying on a single command-and-control server would leave the botnet vulnerable to a “takedown” by an astute systems administrator or law enforcement agency, many instead use a redundant, peer-to-peer architecture in which infected machines relay commands to one another, or rotate through many command-and-control domains, so that there is no single server or domain whose seizure would cut the hackers off from their bots.
In any case, the command-and-control system of a botnet allows hackers to direct the activities of its individual computers as they see fit, without the consent or knowledge of the computers’ owners.
Common Uses of Illegal Botnets
The most widely known use of illegal botnets is in distributed denial-of-service attacks. In a distributed denial-of-service attack, hackers use a botnet to overwhelm a computer or network with massive amounts of seemingly-legitimate traffic, aiming to prevent the target from servicing its intended users.
Another common use of illegal botnets is generating and distributing e-mail spam. Most responsible systems administrators configure their mail servers to refuse relaying for outside users, which puts those servers off-limits to spammers. With access to a botnet, spammers can instead make the member machines send e-mail on their behalf, each bot delivering directly to the recipients’ mail servers and circumventing any controls the administrators put in place.
In addition to e-mail spam, another profitable use of an illegal botnet is “click fraud.” In this case, the hackers establish several web sites designed to show advertising from one or more ad networks, then direct their botnet to these sites in order to artificially drive up clicks on the ads and increase their own revenue while advertisers pay the price.
Countering Illegal Botnets
Unfortunately, there is little an individual or small business can do to counter the activities of a botnet beyond taking steps to prevent their own systems from being recruited and, if one is recruited anyway, noticing quickly. Installing system updates in a timely manner, running trusted anti-virus and malware defense software, restricting outbound traffic so that, for example, only the mail server may open connections on the SMTP port, and monitoring the network for suspicious activity such as a workstation checking in with an unfamiliar host on a fixed schedule is often all you can do.
The individual members of a botnet are usually scattered across the world, their locations so geographically diverse that no single jurisdiction has the authority to investigate or shut them all down. And while some botnets still employ a single command-and-control server, leaving them vulnerable to a takedown, more and more are using distributed peer-to-peer systems which require highly coordinated, multi-party efforts to dismantle.
Some computer and network security companies have released specialized tools to detect and combat botnets, but the most effective systems rely on expensive network appliances that analyze traffic and warn administrators when they detect abnormal patterns of usage, such as a workstation that contacts the same external host at clockwork intervals or delivers e-mail directly to dozens of remote mail servers.
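The two traffic patterns just mentioned (a workstation delivering mail directly to many remote servers, as in the spam discussion above, and the regular check-ins that distinguish a bot polling its command-and-control server from a person browsing) can be spotted with a few dozen lines run over ordinary outbound connection records, without an appliance. The following is an added example written for this page, not a tool from the article or from any security vendor; the flow records, addresses, the allowed-relay name and all thresholds are constructed and illustrative.

```python
"""Added example (not code from the original article): two simple detectors
for botnet symptoms, run over constructed outbound connection records.

Assumptions: each record is (epoch_seconds, src_ip, dst_ip, dst_port) for a
connection leaving the local network (the kind of data a flow collector or a
Zeek-style connection log provides); all addresses and thresholds are
illustrative, not tuned for any real network.
"""
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed sample traffic, not captured data.

    10.0.0.5  beacons to one external host on 443 every ~60 s (C2 check-in).
    10.0.0.7  browses the web at irregular times (benign).
    10.0.0.9  opens SMTP sessions to 40 different mail servers (spam bot).
    10.0.0.25 is the sanctioned mail relay and legitimately talks SMTP.
    """
    flows = []
    for i in range(12):  # clockwork check-ins with 0-2 s of jitter
        flows.append((1000 + 60 * i + (i % 3), "10.0.0.5", "203.0.113.9", 443))
    for t in (1003, 1010, 1140, 1145, 1400, 1720, 1721, 1722, 1900):
        flows.append((t, "10.0.0.7", "198.51.100.%d" % (t % 7 + 1), 443))
    for i in range(40):
        flows.append((1500 + 5 * i, "10.0.0.9", "192.0.2.%d" % (i + 1), 25))
    for i in range(30):  # relay drains its queue to five MX hosts on a timer
        flows.append((1200 + 10 * i, "10.0.0.25", "192.0.2.%d" % (i % 5 + 50), 25))
    return flows


def find_beacons(flows, min_conns=8, max_cv=0.15):
    """Return [((src, dst, port), mean_gap_seconds)] for pairs whose connection
    timing is suspiciously regular.

    Human-driven traffic is bursty; a bot polling its C2 server connects on a
    timer. The coefficient of variation (stdev / mean) of the gaps between
    successive connections is near zero for a timer and large for a person.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port in flows:
        by_pair[(src, dst, port)].append(ts)
    hits = []
    for pair, times in by_pair.items():
        if len(times) < min_conns:  # too few samples to judge regularity
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((pair, round(avg, 1)))
    return hits


def find_smtp_senders(flows, allowed_relays=frozenset(), min_distinct_dsts=10):
    """Return [(src, distinct_destinations)] for hosts, other than the
    sanctioned relays, that open SMTP (port 25) sessions to many servers.

    A workstation never needs to deliver mail directly to dozens of remote
    mail exchangers; that pattern is a bot sending spam around the local relay.
    """
    dsts = defaultdict(set)
    for _ts, src, dst, port in flows:
        if port == 25 and src not in allowed_relays:
            dsts[src].add(dst)
    return sorted((src, len(d)) for src, d in dsts.items()
                  if len(d) >= min_distinct_dsts)


if __name__ == "__main__":
    sample = constructed_flows()
    for (src, dst, port), period in find_beacons(sample):
        print("beacon: %s -> %s:%d every %.1f s" % (src, dst, port, period))
    for src, n in find_smtp_senders(sample, allowed_relays={"10.0.0.25"}):
        print("spam bot? %s talked SMTP to %d distinct servers" % (src, n))
```

On the sample, only 10.0.0.5 is reported as a beacon and only 10.0.0.9 as a direct mail sender. The thresholds matter: lowering `min_conns` to 6 makes the mail relay’s evenly spaced deliveries to its five MX hosts look like beacons too, and real networks are full of legitimate timers (NTP, update checks, monitoring agents), so a beacon detector is only useful alongside an allowlist of known-good periodic traffic and a second signal such as the destination being unfamiliar.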
Despite these efforts and technologies, some botnets have persisted for years even after being discovered. For example, in 2012, the “Festi” botnet (originally designed to send e-mail spam) was estimated to consist of more than 200,000 computer systems, even though it had been discovered three years earlier.
Because of their persistence, the computing resources they steal, and the dangers they pose, botnets are among the most serious computer security threats out there. And while strategies do exist to detect and limit their activities, it’s unlikely they’ll lose their place as a top threat any time soon.