Botnet

A botnet is a network of infected ‘zombie’ computers (bots), which are most often used by hackers to organise DDoS attacks and mass spamming, but also for more intricate activities, such as cryptocurrency mining. In most cases, a botnet is controlled by a server (client-server model); less often it is a decentralised peer-to-peer (P2P) network. A botnet can consist of millions of infected computers.

The botnet’s client software is, by design, a hybrid of a Trojan and a rootkit. Signs of infection are usually not evident until the bot receives a command to activate. While the bot is operating, the device’s Internet traffic and resource load increase, which is a possible sign that the device has become a bot.

In addition to mass mailings and attacks, botnets spread viruses and steal personal data. Malware may include a downloader that downloads Trojans and other viruses over the network, updates an old version of the bot, etc.

Most bot versions support a proxy function so that the infected computer can act as a proxy server, masking the real address of the attacker’s server. The most common use case is a DDoS attack that can disrupt a website or network (e.g., a network of IoT devices). DDoS attacks are often ordered by competitors against businesses such as online shops and financial organisations, whose main customer traffic comes from the Internet and for whom prolonged downtime can cause serious losses. Therefore, advanced botnets such as Emotet or Dridex are quite profitable businesses.

In about half of the cases, a computer turns into a bot after downloading a Trojan. But this method is considered old-fashioned because antivirus software keeps improving.

An example of a more sophisticated infection: a hacker scans blogs and forums, finds vulnerabilities in them, and attaches an exploit (executable malicious code) to the site. The exploit is activated through a hole in the browser when a user visits the infected resource.