WHAT IS A BOTNET?

A botnet is a group of individual connected devices or networks that have been compromised such that they can be controlled by a single user or entity.

When multiple Internet-connected devices are chained together with each user’s express consent to work toward a shared goal, such as the crowdsourced SETI@home project, we call that shared computing.

When multiple computing devices are chained together without each user’s consent to achieve some selfish or nefarious goal, we call that a botnet.

A botnet is a network of infected “zombie” or “drone” devices that an attacker can put to work without the device owner’s knowledge. Ways an attacker might use a botnet include sending spam or in distributed denial of service (DDoS) attacks. A botnet’s combined computing power can also be put to resource-intensive tasks like password cracking and mining cryptocurrency.

Individual computers can be turned into botnet zombies. So too can websites, smartphones, Internet of Things (IoT) devices and more

ZOMBIEs/DRONES

The devices that make up a botnet are typically called zombie or drone devices. Both are great metaphors. The devices in a botnet don’t think about what they’re doing. They’re driven, mindless and no longer acting autonomously. Individually, they aren’t powerful but acting as a unit, a botnet can be overwhelming, as in a DDoS attack..

INFECTION

The more zombie or drone devices in a botnet, the more effective that botnet can be. Cyber criminals are always looking for ways to infect more devices to build larger and more effective botnets.

Devices can be infected and made part of a botnet in a number of ways, usually by visiting a suspect website or downloading or running an infected application or file (malware).

DDoS

A distributed denial of service (DDoS) attack is an attempt to overwhelm a target server, network or service. DDoS attacks will often use the shared resources of zombie or drone devices in a botnet to send an overwhelming amount of bogus traffic at a target website or service to disrupt normal operation. Basically, if a DDoS attack is successful, the target servers are so busy trying to make sense of the flood of botnet traffic that they grind to a halt and legitimate traffic can’t get through.

SPAM

Spam is sending unsolicited, untargeted email in bulk. Spam is a pure volume game; the more you send the better… for spammers specifically. Botnets, with the distributed computing power of multiple drone devices acting as one, will often be put to work sending spam email. Read more about this type of online abuse on the NetBeacon spam page.

THE RISK

Personal computers are the most common targets to be turned into drones. They’re far from the only targets. With the proliferation of smartphones and Internet of Things (IoT) devices, there are more devices than ever before that can be infected and turned into zombies in coordinated botnets.

THE COST

Botnets use the computing and data transfer resources of the zombie devices that comprise it.

In fact, the first hint your device maybe impacted is slowdown or inexplicably higher data use. The cost can be very real, e.g. overage charges for data use your Internet service provider deems excessive. Other costs include the loss of computing resources to do legitimate tasks.

WHAT TO DO IF YOU SUSPECT A BOTNET

If you spot or suspect a botnet or see attempts to build one, use the NetBeacon app to report it immediately.

A NetBeacon report will provide the information the domain registrar or other industry partner needs to take action.

Don't be a zombie.

Attackers count on internet users not taking suitable precautions. Here’s what you can do to reduce the likelihood of falling victim to a botnet.

Install updates as soon as they’re released. Device and software updates will often patch security holes that an attacker could otherwise exploit.
Use malware scanning software and run regular malware checks.
Use a router that can detect and block internal and external threats.
Only download software from reputable sites.
Don’t open or run email attachments.

Take Action

HOW TO REPORT ONLINE ABUSE

If you suspect or have witnessed online abuse, sharing a NetBeacon report is the single most impactful action you can take. A NetBeacon report ensures that the information gets into the right hands.

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_MQJE9B6CZP	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_990977_22	1 minute	Set by Google to distinguish users.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.