A botnet [short for bot network] is a network of hijacked computers and devices infected with bot malware and remotely controlled by a hacker. The bot network is used to send spam and launch Distributed Denial of Service [DDoS] attacks, and may be rented out to other cybercriminals. Botnets can also exist without a command and control (C&C) server by using peer-to-peer [P2P] architecture and other management channels to transfer commands from one bot to another.

Because of the continuing development and broadening use of the internet of things (IoT), botnets created from connected devices have become more prominent. These are called IoT botnets, and they are largely similar in function to regular botnets.

Initially, botnet operators used IRC clients to deliver instructions and execute DDoS attacks. Much recent botnet operations were observed to have the ability to mine bitcoins, intercept any data in transit, send logs that contain sensitive user information to the botnet master, and consume the user’s machine resources. See infographic below:

Botnet Battle Infographic

Botnets have continued to evolve over the years. Their most common features now include varied C&C models [centralized or distributed] and attack types [spam, DDoS, data theft], an increased communication protocols used [IRC, HTTPS], the use of effective evasion techniques [SSL, VoIP tunneling] and versatile rallying mechanisms [hard-coded IP address, distributed DNS service].

Botnets have also been used to target point-of-sale [PoS] and other payment systems. 

Trend Micro’s free RUBotted antivirus service monitors your computer for suspicious activities associated with bots. If it discovers a potential infection, RUBotted will identify and clean it with the Trend Micro™ HouseCall™, which can detect known and unknown variants of botnet families including the following notorious botnets:

  • ZBOT/ZeuS – bank information stealer
  • KOOBFACE – most successful Web 2.0 botnet
  • WALEDAC – infamous spamming bot