News about internet crimes often mentions "bots", "zombies", and "botnets". It's not hard to figure out from the context that these are computer or network security threats. But what exactly are they, how do they work, and what kind of damage can they cause?
A bot, short for "robot", is a type of software application or script that performs automated tasks on command. Bad bots perform malicious tasks that allow an attacker to remotely take control over an affected computer. Once infected, these machines may also be referred to as zombies.
Are you prepared for today’s attacks? Discover the year’s biggest cyber threats in our annual Threat Report.
Although taking over one computer is useful, the real value to a criminal comes from collecting huge numbers of zombie computers and networking them so they can all be controlled at once to perform large-scale malicious acts. This type of network is known as a "botnet".
How Do Botnets Work?
Botnets have been one of the most common methods of malware deployment for the past decade, infecting hundreds of millions of computers. As botnets infect new technologies, such as Internet of Things (IoT) devices in homes, public spaces, and secure areas, compromised systems can put even more unsuspecting users at risk.
They perform large operations while remaining small
Most people would be shocked to learn that the spam they're receiving is coming from thousands or even millions of computers just like their own. The real owners of those computers can still use them, and are probably totally unaware that anything is wrong, except perhaps that their computer sometimes seems slow. Most botnets have an extremely small footprint, meaning they bog your system down or use a lot of system resources, so it can be difficult to recognize when your machine is being used by a criminal for malicious purposes. They also typically have the ability to mask themselves, so they can perform large-scale attacks without getting noticed.
They compromise open-source and unsecured devices
Mirai, a botnet discovered in 2016, primarily attacked IoT devices, including cameras and internet routers. Essentially, devices infected with Mirai malware became bots that would scan the internet to locate IoT devices. Mirai would then use common default usernames and passwords set by device manufacturers to try to infiltrate and infect those devices. For the most part, infected devices would function normally, even as they were used in major distributed denial of service (DDoS) attacks.
It only takes minutes for an unprotected, internet-connected computer or another device to be infected with malicious software and turned into a bot, underscoring the critical need for every computer and smartphone user to have up-to-date internet security software on all their devices and to always change factory default usernames and passwords.
Why do Cybercriminals use Botnet Attacks?
To steal financial and personal information
Hackers may use botnets to send spam, phishing, or other scams to trick consumers into giving up their hard-earned money. They may also collect information from the bot-infected machines and use it to steal identities and run up loan and purchase charges under the user's name.
To attack legitimate web services
Criminals may use their botnets to create DoS and DDoS attacks that flood a legitimate service or network with a crushing volume of traffic. The volume may severely slow down the company’s service or network’s ability to respond or it may entirely overwhelm the company’s service or network and shut them down.
To extort money from victims
Revenue from DoS attacks comes through extortion (pay or have your site taken down) or through payments by groups interested in inflicting damage to a company or network. These groups include "hacktivists" — hackers with political agendas as well as foreign military and intelligence organizations.
To make money from zombie and botnet systems
Cybercriminals may also lease their botnets to other criminals who want to send spam, scams, phishing, steal identities, and attack legitimate websites, and networks.
Tips to Prevent a Botnet Attack
If you have not installed security software and ensured that it is turned on and kept up-to-date your machine is likely infected with all kinds of malicious software. Here are a few steps you should take to protect your systems from botnet infiltration:
- Set your antivirus and antispyware programs to update automatically.
- Routinely check for browser and operating system updates and patches.
- Only click internet links or open emails if you trust the source.
Common user risks occur when downloading content from unknown sites or from friends that don't have up-to-date protections and unwittingly pass infected files to other users. When people download compromised files, the malicious code can evade weak security checkpoints which might have tried to quarantine and remove the malware. Always use extreme caution when downloading information or files from someone whose computer is not protected.
Malware developers are always looking for new ways to get around security measures, and there is the risk of infection because of actions taken by you or by another person who used the computer or system. Be sure to use advanced internet security software that can detect and stop viruses and other malware, even if you accidentally click a link, download a file, or take other actions that can let infections onto your machine.