What is a botnet?
A botnet is a group of Internet-connected computers that communicate with each other to complete repetitive tasks.
Usually, the term is used with a negative connotation: it refers to a group of computers that are infected by malware, whose computational resources are used for illegal activities such as performing DDoS attacks or sending spam, without the computer owners' knowledge.
The term botnet is widely used in Internet Relay Chat (IRC), which is where the term was born. Later, attackers began using similar concepts to perform attacks and other illegal activities.
How does a botnet spread?
A computer becomes a bot when it is infected, without its owner's knowledge, by malware such as viruses, worms, or trojans (see "What is the difference between a computer worm, virus, and trojan?").
Computer viruses attach themselves to other computer programs. When a user executes a virus-infected program or opens an infected file, e.g., an infected Microsoft Word document or a .exe file, the computer gets infected by the virus. After that, the virus replicates itself and infects more computers.
Computer worms spread themselves through the network by taking advantage of security vulnerabilities in various programs. Trojans (see "What are trojans and how to prevent them?") spread through social engineering (see "What is social engineering?"). When a user opens a suspicious email attachment, clicks on an unverified link, or downloads software from an untrusted source, the user's computer can get infected by a trojan. Sometimes, attackers even display fake webpage ads for anti-virus software. When a user clicks on one, a trojan infects the computer.
When a computer gets infected by malware, it may be controlled by the attackers and used as a bot.
How does a botnet work?
A botnet's originator can control the computers that form the botnet through Internet Relay Chat (IRC). The server that controls the botnet is known as the Command and Control Server.
Botnet operators use certain protocols to control the botnet. These protocols include a server program, a client program, and a program that embeds the client in the victim's machine. The computers of the botnet communicate over the network. Sometimes, these infected computers encrypt their communication so that it remains covert.
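Because the bots all talk to the same Command and Control Server, a defender can look for several internal machines connecting to one external host on IRC ports. The following is an added example, not part of the original article: the flow-log format, the sample records, the internal network range and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Ports conventionally used by IRC: 6660-6669 (plaintext) and 6697 (IRC over TLS).
IRC_PORTS = set(range(6660, 6670)) | {6697}
# Assumption: the monitored organisation's hosts live in this range.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed sample flow records: "timestamp src_ip dst_ip dst_port bytes".
SAMPLE_FLOWS = """\
2024-01-01T10:00:00 10.0.0.11 203.0.113.50 6667 412
2024-01-01T10:00:03 10.0.0.12 203.0.113.50 6667 398
2024-01-01T10:00:05 10.0.0.13 203.0.113.50 6697 405
2024-01-01T10:00:09 10.0.0.14 198.51.100.7 443 18230
2024-01-01T10:01:00 10.0.0.20 198.51.100.9 6667 5120
2024-01-01T10:05:00 10.0.0.11 203.0.113.50 6667 120
not a flow record
"""

def parse_flows(text):
    """Yield (src, dst, port) for each well-formed record; skip malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        try:
            src = ipaddress.ip_address(parts[1])
            dst = ipaddress.ip_address(parts[2])
            port = int(parts[3])
        except ValueError:
            continue
        yield src, dst, port

def irc_fanin(text, min_clients=3):
    """Map each external server to the internal hosts that reached it on an
    IRC port, keeping only servers contacted by at least min_clients hosts."""
    clients = defaultdict(set)
    for src, dst, port in parse_flows(text):
        if port in IRC_PORTS and src in INTERNAL_NET and dst not in INTERNAL_NET:
            clients[str(dst)].add(str(src))
    return {srv: sorted(hosts) for srv, hosts in clients.items()
            if len(hosts) >= min_clients}

if __name__ == "__main__":
    for server, hosts in irc_fanin(SAMPLE_FLOWS).items():
        print(f"possible C&C server {server}: contacted by {', '.join(hosts)}")
```

A single workstation using IRC is usually a person chatting, which is why the check requires several distinct clients per server. It only sees the conventional IRC ports, so a botnet that uses other ports or protocols needs different detection.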