WHAT IS A BOTNET?
A botnet is a group of individual connected devices or networks that have been compromised such that they can be controlled by a single user or entity.
When multiple Internet-connected devices are chained together with each user’s express consent to work toward a shared goal, such as the crowdsourced SETI@home project, we call that shared computing.
When multiple computing devices are chained together without each user’s consent to achieve some selfish or nefarious goal, we call that a botnet.
A botnet is a network of infected “zombie” or “drone” devices that an attacker can put to work without the device owner’s knowledge. Ways an attacker might use a botnet include sending spam or in distributed denial of service (DDoS) attacks. A botnet’s combined computing power can also be put to resource-intensive tasks like password cracking and mining cryptocurrency.
Individual computers can be turned into botnet zombies. So too can websites, smartphones, Internet of Things (IoT) devices and more
The devices that make up a botnet are typically called zombie or drone devices. Both are great metaphors. The devices in a botnet don’t think about what they’re doing. They’re driven, mindless and no longer acting autonomously. Individually, they aren’t powerful but acting as a unit, a botnet can be overwhelming, as in a DDoS attack..
The more zombie or drone devices in a botnet, the more effective that botnet can be. Cyber criminals are always looking for ways to infect more devices to build larger and more effective botnets.
Devices can be infected and made part of a botnet in a number of ways, usually by visiting a suspect website or downloading or running an infected application or file (malware).
A distributed denial of service (DDoS) attack is an attempt to overwhelm a target server, network or service. DDoS attacks will often use the shared resources of zombie or drone devices in a botnet to send an overwhelming amount of bogus traffic at a target website or service to disrupt normal operation. Basically, if a DDoS attack is successful, the target servers are so busy trying to make sense of the flood of botnet traffic that they grind to a halt and legitimate traffic can’t get through.
Spam is sending unsolicited, untargeted email in bulk. Spam is a pure volume game; the more you send the better… for spammers specifically. Botnets, with the distributed computing power of multiple drone devices acting as one, will often be put to work sending spam email. Read more about this type of online abuse on the NetBeacon spam page.
Personal computers are the most common targets to be turned into drones. They’re far from the only targets. With the proliferation of smartphones and Internet of Things (IoT) devices, there are more devices than ever before that can be infected and turned into zombies in coordinated botnets.
Botnets use the computing and data transfer resources of the zombie devices that comprise it.
In fact, the first hint your device maybe impacted is slowdown or inexplicably higher data use. The cost can be very real, e.g. overage charges for data use your Internet service provider deems excessive. Other costs include the loss of computing resources to do legitimate tasks.
WHAT TO DO IF YOU SUSPECT A BOTNET
If you spot or suspect a botnet or see attempts to build one, use the NetBeacon app to report it immediately.
A NetBeacon report will provide the information the domain registrar or other industry partner needs to take action.
Don't be a zombie.
Attackers count on internet users not taking suitable precautions. Here’s what you can do to reduce the likelihood of falling victim to a botnet.
- Install updates as soon as they’re released. Device and software updates will often patch security holes that an attacker could otherwise exploit.
- Use malware scanning software and run regular malware checks.
- Use a router that can detect and block internal and external threats.
- Only download software from reputable sites.
- Don’t open or run email attachments.
HOW TO REPORT ONLINE ABUSE
If you suspect or have witnessed online abuse, sharing a NetBeacon report is the single most impactful action you can take. A NetBeacon report ensures that the information gets into the right hands.
Sign up or login to the NetBeacon abuse reporting tool with your email or SSO.
Identify the type of abuse and share any details that might help investigators.
Your report will be reviewed and shared with the appropriate bodies for action.