What is a Botnet?
Top 5 Types & Examples
The number of cyber attacks has been on a steady rise in the last few years. Hackers are now targeting governments, businesses, and individuals around the world – and you may unknowingly be helping them carry out these attacks. If you’ve ever clicked on a link in a suspicious email only to have a similar email automatically sent to all your contacts, you were likely a victim – and an accomplice – of a botnet.
Key takeaway: A botnet is a group of computers controlled remotely by a hacker who uses their combined resources to carry out attacks against websites, computer networks, and internet services. If your computer is infected with malware, it may be part of a botnet. Read on to learn about the common types of botnet attacks and the ways to protect your computer.
What Is a Botnet?
A compound of the words robot and network, a botnet is a group of remote-controlled computers coordinated together to perform malicious tasks. A single botnet can comprise anywhere between a few hundred and a few million computers, commonly referred to as bots (short for robots).
Botnets can gain access to your machine via a malicious software installation, a direct hacker attack, or an automated program that monitors the internet in search of security deficiencies (i.e. a lack of antivirus protection) to exploit. If your computer or any other internet-connected device is infected with malware, it could be one of the bots that make up a botnet. If that’s the case, all other computers and devices in your network are also at risk of becoming part of the same botnet.
All computers in a botnet are remote-controlled by either a hacker or a piece of command-and-control software they have developed. Also known as a “zombie army”, these computers can be used by the botnet owner to send out spam emails, shut down websites, or generate revenue by creating fake internet traffic or advertising paid downloads of fraudulent botnet removal software.
As with many other technologies, botnets weren’t originally designed for malicious purposes. In the early days of the world wide web, they were primarily used to host Internet Relay Chat (IRC) networks. However, it didn’t take hackers too long to identify the main security vulnerabilities of the original botnets and to start exploiting these insufficiencies for their own gain.
Nowadays, botnets are a major cybersecurity threat that can take down large computer networks in a matter of seconds and keep them down for hours, if not days. Hackers use botnets mainly because the power of a “zombie army” hundreds of thousands strong allows them to carry out much larger attacks than they otherwise could. In addition, hiding behind so many computers makes it possible for them to disguise the actual source of the attack and avoid getting caught and punished for their cybercrimes.
What Types of Botnet Attacks Exist?
In most cases, botnet-spreading malware won’t affect your computer in any visible way, which is why it can be very difficult to detect. It should thus come as no surprise that about one-third of all the computers in the world are either already part of a botnet or at a high risk of being turned into a bot.
Botnet owners can use your computer to carry out a variety of actions and attacks against other computers, networks, and websites. Some of the most common botnet attacks include the following:
- Distributed Denial-of-Service Attacks
Botnets are often used to launch Distributed Denial-of-Service (DDoS) attacks against networks, websites, and online services. They use their “zombie army” of machines to generate abnormal amounts of traffic to websites with the goal of eating up their bandwidth and/or overloading their resources. The ultimate objective is to disrupt the functioning of these websites and prevent users from accessing them.
According to statistics, most attacks occur in countries with large economies, such as China, the United States, and South Korea. As the focus of these attacks has gradually shifted from private users to business networks, the botnets that are used to carry them out have become much more powerful, too.
- Cryptocurrency Mining
In recent years, many media outlets have reported on cryptocurrency mining botnets. They are distributed and operated in the same way as any other botnet. However, instead of using your computer to attack other networks, they use its resources (e.g. bandwidth and electricity) to mine cryptocurrency. As long as they remain undetected, these botnets can generate a sizable steady income for their owner. Due to the nature of digital currency, this income is not only impossible to trace but also tax-free.
Cryptocurrency mining botnets target private users just as often as they do businesses and other large networks. At the moment, Monero is the preferred digital currency of mining botnet hackers for very simple reasons. Whereas a single Bitcoin is worth thousands of dollars, a Monero is priced at around $100, which is small enough not to raise any suspicion. At the same time, the value of this digital currency is expected to skyrocket sometime soon, which could result in huge financial gains for hackers.
- Email Spamming
Some botnets also use a special proxy to send out spam email messages from an infected computer or network. These spam messages include phishing emails that contain links to malicious websites or compromised downloads. The recipient only has to click on the link to initiate the download of malicious software and become part of the same botnet that targeted their computer. In many cases, spam bots will send out the exact same email to addresses from your contacts list, thus continuing the botnet chain.
- Browser Add-On Installation
When they’re not attacking other networks or mining digital currency, some botnets generate revenue for their owners by showing ads in your browser. They will quietly install browser add-ons – usually toolbars – that will change your homepage to a fake (albeit real-looking) search engine. Each time you hit enter to look up something, a pop-up window will appear and count as a paid click for the botnet owner.
In addition, some botnets will use malicious code to remove banners from the websites you normally visit and replace them with fake ads that generate revenue for the attacker. This allows botnet owners to profit off of other people’s content and cut an important source of revenue for the websites in question.
- Theft of Personal Information
There are several ways how botnets can use malicious software to harvest your personal information. For one, they can monitor your web traffic in search of sensitive information like usernames and passwords. They can also use keylogging software to collect any personal information that you enter into your browser, even if it’s shown as encrypted on your computer screen. This can include your website login details, as well as addresses, phone numbers, credit card data, and PayPal credentials.
Examples of Botnet Attacks
Powerful botnets were responsible for some of the largest, most devastating cyber attacks in the last few years. The most notable examples include the following:
- The 2018 GitHub Attack – In February 2018, a large botnet carried out the largest DDoS attack ever recorded. Generating peak incoming traffic of an unprecedented 1.35Tbps, the attack took GitHub, the largest software development platform on the internet, offline for a few minutes.
- The 2014 Hong Kong Attack – The 2014 political unrest in Hong Kong provoked the then-largest DDoS attack in history when at least a few large botnets joined forces against pro-democracy websites in the country. Many have accused the Chinese government of this attack, but the actual perpetrator remains unknown.
- The 2016 Mirai Attack – Named after a popular anime series, Mirai was a botnet consisting of more than 100,000 computers. It made the news in 2016, when it launched attacks against several cybersecurity companies, generating traffic volumes of 1Tbps and taking down a large part of their online infrastructure.
How to Protect Your Computer from Botnet Malware
Since most botnets are distributed via malicious software, you need to use the best antivirus software to protect your computer from malware and threats to your online safety. Many users opt to install free antivirus and anti-malware software, but that might not be a good choice. At best these programs will provide insufficient protection; at worst they may just be malware masquerading as legitimate software.
To ensure optimal protection, you need antivirus software that will provide real-time protection against threats, run scheduled scans, as well as quarantine and remove all infected files. In addition to using reliable antivirus software, you must also avoid any suspicious emails, attachments, and downloads.
If your browser homepage has suddenly changed, if pop-ups keep appearing as you surf the web, or if your computer is suddenly working slower than before, you will have to run a scan to identify the cause of this problem. You may already be part of a botnet, in which case you will need the best antivirus software to find the piece of malware that’s controlling your machine and remove all traces of it.
- University of Bradford
- JP Dias
- Ars Technica
Are you protected?
Botnets are responsible for some of the biggest cyber attacks in history. Don’t leave your online security to chance or your computer could become part of a botnet.