Malware is likely one of the biggest threats to the security of your personal computer today. Over time, it has gotten more and more capable of advanced cybercrime. Some malware can even recruit your computer to perform illegal activities on a hacker’s behalf.
In this article, we’ll look at one of the most notable cyberthreats: botnets. In addition to explaining what they are, you’ll learn how they work and how to stay safe.
What is a botnet?
Botnets are huge networks of devices (known as “bots” or occasionally “zombies”) that a hacker controls remotely. To form a botnet, an attacker takes over home computers, routers, printers, and other devices.
The precise definition has changed as botnets become more advanced and all-encompassing. Modern bot software frequently comes in the form of a Trojan horse, where it’s hidden within a fake application. Other times, it spreads through security vulnerabilities in a worm-like manner.
How do botnets work?
In its simplest form, the bot software on infected computers simply listens for commands from a central command and control (C2) server. The operator—usually a hacker or a hacker’s customer—pushes commands to all of the infected bots in one go. These commands can range from starting a distributed denial of service (DDoS) attack to downloading additional software.
This simple type of botnet uses what is called the client-server architecture. While hackers commonly choose this architecture for its ease of implementation, it’s also simple to shut down. Law enforcement can simply seize the domain used for the C2 server or order an internet service provider to block traffic from the hacker.
More recently, botnets have started to use the more advanced peer-to-peer (P2P) architecture. Just as BitTorrent clients both upload and download a file, P2P botnets turn infected devices into relays for commands from the operator. This way, even if law enforcement shuts down one primary C2 server, bots can continue to communicate and receive commands.
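The two architectures described above leave different traces in network logs, which is what defenders use to spot infected hosts. The following script is an added example, not code from the original article: it reads outbound connection records and flags (1) one host contacting the same external server at suspiciously regular intervals, the polling pattern of a bot reporting to a client-server C2, and (2) one host contacting many distinct external peers on the same uncommon port, the pattern of a peer-to-peer bot relaying commands. The log lines and their layout (timestamp, source IP, destination IP, destination port) are constructed for this example and are an assumption about what your firewall or router exports.

```python
"""Added example (not from the original article): flag C2-style traffic patterns
in outbound connection logs. Log format below is an assumed, constructed one:
"<epoch seconds> <src_ip> <dst_ip> <dst_port>" per line."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log. 10.0.0.5 polls one server every 60 s (client-server
# beacon); 10.0.0.7 is ordinary irregular browsing; 10.0.0.9 talks to eight
# different peers on port 5555 (peer-to-peer fan-out).
SAMPLE_LOG = """\
1700000000 10.0.0.5 203.0.113.10 443
1700000060 10.0.0.5 203.0.113.10 443
1700000120 10.0.0.5 203.0.113.10 443
1700000180 10.0.0.5 203.0.113.10 443
1700000240 10.0.0.5 203.0.113.10 443
1700000300 10.0.0.5 203.0.113.10 443
1700000004 10.0.0.7 198.51.100.1 443
1700000051 10.0.0.7 198.51.100.2 443
1700000097 10.0.0.7 198.51.100.1 443
1700000260 10.0.0.7 198.51.100.3 80
1700000290 10.0.0.7 198.51.100.1 443
1700000010 10.0.0.9 192.0.2.11 5555
1700000020 10.0.0.9 192.0.2.12 5555
1700000030 10.0.0.9 192.0.2.13 5555
1700000040 10.0.0.9 192.0.2.14 5555
1700000050 10.0.0.9 192.0.2.15 5555
1700000060 10.0.0.9 192.0.2.16 5555
1700000070 10.0.0.9 192.0.2.17 5555
1700000080 10.0.0.9 192.0.2.18 5555
"""

# Ports that legitimately see many distinct destinations; excluded from fan-out.
COMMON_PORTS = {53, 80, 123, 443}


def parse_log(text):
    """Turn the constructed log text into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, port = line.split()
        records.append((int(ts), src, dst, int(port)))
    return records


def find_beacons(records, min_connections=4, max_cv=0.15):
    """Return {(src, dst): mean_gap_seconds} for pairs whose connection spacing
    is near-constant. The coefficient of variation (stdev / mean of the gaps)
    is 0 for perfectly periodic traffic; human browsing scores far higher."""
    stamps_by_pair = defaultdict(list)
    for ts, src, dst, _port in records:
        stamps_by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, stamps in stamps_by_pair.items():
        if len(stamps) < min_connections:
            continue
        stamps.sort()
        gaps = [later - earlier for earlier, later in zip(stamps, stamps[1:])]
        avg_gap = mean(gaps)
        if avg_gap <= 0:
            continue
        if pstdev(gaps) / avg_gap <= max_cv:
            beacons[pair] = avg_gap
    return beacons


def find_fanout(records, min_peers=5):
    """Return {(src, port): peer_count} for hosts that reach many distinct
    external peers on one uncommon port, as a P2P bot's relay mesh would."""
    peers = defaultdict(set)
    for _ts, src, dst, port in records:
        if port in COMMON_PORTS:
            continue
        peers[(src, port)].add(dst)
    return {key: len(dsts) for key, dsts in peers.items() if len(dsts) >= min_peers}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (src, dst), gap in find_beacons(recs).items():
        print(f"beacon: {src} -> {dst} every {gap:.0f}s")
    for (src, port), count in find_fanout(recs).items():
        print(f"fan-out: {src} -> {count} peers on port {port}")
```

Treat both results as triage signals rather than verdicts: update checkers and chat clients also poll on a fixed schedule, and real bots often add random jitter to their polling interval, so the regularity threshold and the peer count are starting points to tune against your own network's baseline.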
To arrive on a victim’s computer or other device, bot malware can use a number of techniques. Sometimes, victims unwittingly install it through fake emails containing malicious attachments. Other times, it propagates from one bot to another using security vulnerabilities, similar to a worm.
In general, botnets are some of the most sophisticated types of malware in existence. They’re used in many of the largest cybercrime cases worldwide, in addition to smaller attacks. The largest botnets have had hundreds of thousands of infected bots connected.
How to protect your PC from becoming a bot
To avoid inadvertently bolstering cybercrime or becoming a victim yourself, you should protect your computer as much as possible. While protecting yourself against botnets requires similar care and strategies to protecting yourself from other malware, some specific points differ. Here are some of the most important areas:
- Be careful with email attachments, downloads, and other potential malware sources. If you download files from untrustworthy sources without the appropriate care, you’re exposing yourself to all sorts of malware, not just botnets.
- Update your computer regularly. Worm-style botnet malware uses security vulnerabilities—usually ones that operating system vendors already patched—to propagate. Be sure to update your computer regularly to avoid falling victim to this type of attack.
- Configure your firewall correctly. Both Windows and macOS come with built-in firewalls. While using a firewall doesn’t guarantee that you’ll be immune from botnets, you can block many C2 connections this way.
How to protect your router and IoT devices
While your computer might be the most visible device you use on a daily basis, Internet of Things devices can also be attacked. One particularly popular target for botnets is routers. Routers generally have full, unrestricted Internet access as part of their job. Plus, cheaper routers don’t get patches from their manufacturers regularly.
These issues add up to create the perfect storm. With simple security vulnerabilities, hackers can take over huge numbers of routers and other IoT devices. To keep your devices out of botnets, follow these suggestions:
- Don’t purchase hardware that doesn’t get good support. Cheaper and disreputable hardware often doesn’t get updates beyond a year or two after its release. Buy from vendors who are known to provide good long-term support.
- Update your IoT devices just like you do your laptop and phone. While you might interact with your computer for more hours per day, don’t hold off on updating the products behind the scenes.
- Reboot your router regularly. Many attacks used for botnets aren’t persistent. This means that a simple reboot can clear your device back to a known-good state, even if it can be hacked again in the future. Rebooting your device with regularity can serve as a last line of defense.
How to remove your device from a botnet
If your PC, router, or another device on your network is a part of a botnet, you should address the problem as soon as you can. To clean up your device from a botnet, use these ideas as a general guide:
- If you’re using a desktop or laptop computer, wipe and reinstall it. Even seasoned IT professionals have a hard time removing malware by hand. It’s much easier to just wipe it and start fresh with a backup.
- For an IoT gadget, try updating it. If you can’t find an update that fixes the vulnerability, you might need to buy a newer model.
- If all else fails, contact the manufacturer. They might be willing to replace your device under warranty. They could also have a software fix that you couldn’t find on your own.
Is creating a botnet illegal?
Definitely. Unless you have permission from everyone whose computer you use, creating a botnet is illegal. The tasks that most hackers use botnets for—like DDoS attacks—are also illegal on their own.
Some legitimate “distributed computing” projects, like Folding@home, which uses your spare computer power to fold proteins to improve medicine, share similarities with botnets. These projects have centralized servers that distribute work to clients. However, users give their consent to install this software and it’s used for above-board purposes, like fighting disease.
Many of the highest-profile examples of cybercrime in recent years have involved botnets. Here are some of the most recognizable examples:
- Zeus. This botnet, which started life as a banking Trojan, has infected over 13 million computers since its debut in 2007. Due to its use of advanced cryptography and peer-to-peer control, governments have been unable to stop it.
- Mirai. Involved in a number of significant DDoS attacks, Mirai compromised Internet of Things devices on an unprecedented scale. While it has mostly subsided from its peak, when over 500,000 devices were infected, Mirai demonstrated the power of IoT botnets.
- 3ve. Unlike the other botnets, this one harnessed its powers to impersonate people while clicking ads on fraudulent sites. By clicking enough of these ads, 3ve made an estimated $30 million for its creators. Eventually, it was shut down through the combined efforts of the FBI and major tech and security companies.
What is a botnet attack?
The term “botnet attack” refers to any type of cyberattack carried out with the use of a botnet. Some of the more common cyberattack types using botnets are phishing and DDoS.
What is the biggest botnet?
It is impossible to know which botnet is the biggest at any given moment. However, offshoots of the Mirai botnet still loom large, as does Trickbot.
Can botnets be used for good?
Typically, the term “botnet” refers to a criminal undertaking. In other words, a botnet can only be formed using illicit means. With that said, there’s no technical reason botnets couldn’t be used for good.
There are also entities that are similar to botnets created with the consent of the users involved. These are usually known as “distributed computer networks.”