Thursday, December 24, 2015

What is a Botnet?

A Botnet is a group of internet-connected computers, which communicate with each other to complete some repetitive tasks.

Normally, this term is used with a negative connotation: it refers to a group of computers that are infected with malware and whose computational resources are used for illegal activities such as performing DoS attacks or sending spam, without the computer owners' knowledge.


The term Botnet is widely used in Internet Relay Chat, which is where the term was born. Later, attackers started using similar concepts to perform attacks and other illegal activities.


How does a computer become a Bot?


A computer becomes a bot when it is infected, without the owner's knowledge, by malware such as a virus, worm or trojan.

Computer viruses attach themselves to other computer programs. When a user executes a virus-infected program, e.g. an infected Microsoft Word document or an .exe file, the computer gets infected by the virus. After that, the virus replicates itself and infects more computers.

Computer worms spread through the network by taking advantage of security vulnerabilities in various programs. Trojans spread through social engineering: a user can infect a computer by opening suspicious email attachments, clicking on unverified links or downloading software from untrusted sources. Sometimes attackers even display fake webpage ads for anti-virus software, and clicking on such an ad infects the computer.

And when a computer gets infected by malware, it may be controlled by the attackers and used as a Bot.


How does a Botnet work?


A Botnet's originator can control the computers forming the Botnet through IRC (Internet Relay Chat). The server that controls the Botnet is known as the Command and Control Server.

Botnet operators use certain protocols to control the Botnet. These protocols include a server program, a client program and a program that embeds the client in the victim's machine. The computers of the Botnet communicate over the network, sometimes in encrypted form so that the communication remains covert.
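Because the bots described above log into an IRC-based Command and Control Server, a defender can look for several internal machines connecting to the same external IRC server. The following is an added example, not part of the original post; the flow-log format, the internal address range and the list of IRC ports are assumptions, and the sample records are constructed.

```python
from collections import defaultdict
import ipaddress

# Constructed sample flow records: timestamp src_ip dst_ip dst_port protocol
SAMPLE_FLOWS = """\
2015-12-24T10:00:01 192.168.1.10 203.0.113.50 6667 tcp
2015-12-24T10:00:03 192.168.1.11 203.0.113.50 6667 tcp
2015-12-24T10:00:04 192.168.1.12 198.51.100.7 443 tcp
2015-12-24T10:00:09 192.168.1.13 203.0.113.50 6667 tcp
2015-12-24T10:01:15 192.168.1.12 198.51.100.9 6697 tcp
2015-12-24T10:02:00 192.168.1.10 192.168.1.1 53 udp
not a flow line
"""

# Assumption: the address range of the network being monitored.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
# Assumption: ports commonly used by IRC servers (6660-6669, 6697 for TLS, 7000).
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}

def parse_flow(line):
    """Return (src, dst, port) for a well-formed record, None otherwise."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
        port = int(parts[3])
    except ValueError:
        return None
    return src, dst, port

def find_irc_clients(log_text, min_hosts=2):
    """Map each external IRC server to the internal hosts that contacted it.

    Only servers contacted by at least `min_hosts` distinct internal machines
    are returned, since one user chatting on IRC is far less notable."""
    servers = defaultdict(set)
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip malformed lines instead of failing
        src, dst, port = flow
        if src in INTERNAL_NET and dst not in INTERNAL_NET and port in IRC_PORTS:
            servers[(str(dst), port)].add(str(src))
    return {srv: sorted(hosts) for srv, hosts in servers.items()
            if len(hosts) >= min_hosts}

if __name__ == "__main__":
    for (server, port), hosts in find_irc_clients(SAMPLE_FLOWS).items():
        print(f"{server}:{port} contacted by {len(hosts)} internal hosts: {hosts}")
```

A match is only a lead for investigation: legitimate IRC use produces the same traffic, and a Botnet that uses other ports or protocols will not appear here.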


How is a Botnet created?





  • A computer gets infected by malware.
  • The computer starts working as a Bot and logs into a particular Command and Control Server.
  • A malicious attacker, say a DoS attacker, purchases the services of the Botnet from the operator of the Botnet.
  • The attacker instructs the operator to perform a DoS attack, for example, to direct the internet traffic of all the machines in the Botnet to the victim machine.
  • A DoS attack is performed. The victim machine gets flooded with network packets and becomes unavailable for its intended operations.


Purpose of Botnet


Computers in a Botnet can be used in many illegal activities. Some common examples:

  • Sending spam emails.
  • Performing DoS attacks.
  • Advertising Adware without the user's knowledge and awareness.
  • Stealing sensitive information through Spyware.
  • Generating false web traffic through Click Fraud for the attacker's personal and commercial gain, without the user's knowledge.
  • Recruiting more computers into the Botnet and spreading computer worms.
  • Spreading scareware such as ransomware.


How to prevent Botnet?


There are a couple of countermeasures we can take:
  • Prevent your computer from being infected by malware. Do not open suspicious email attachments. Do not click on suspicious links. Install software from trusted sources only.
  • Update your computer with the latest security patches for the software you use. Malware often spreads by exploiting security vulnerabilities in software.
  • Update your computer with the latest anti-virus software.
  • Various computer and network security companies have released software to counter Botnets. For example, Norton AntiBot helps consumers by shutting down Command and Control Servers or entire IRC servers of a Botnet. Using such software can help you prevent these attacks.


