The Essential Botnet Guide
Admin

 

Malware, or malicious computer code, has been around in some form or other for
over 40 years, but in the past decade the idea has evolved into a rather
sophisticated form: using malware to take control of a group of computers that
are then organized into something called a botnet is a recent phenomenon. Even
in the presence of the latest and most advanced protection tools, this special
kind of malware is responsible for some of the most costly security incidents
experienced during the last 10 years, which is why a lot of effort goes into
defeating botnet malware and, when possible, shutting botnets down.

A 'bot' is a type of malware that an attacker can use to
control an infected computer or mobile device. A botnet is a collection of
compromised computers, often referred to as "zombies", infected with malware
that allows an attacker to control them. The word botnet is made up of two
words: bot and net. Bot is short for robot, a name we sometimes give to a
computer that is infected by malicious software. Net comes from network, a
group of systems that are linked together.

Botnets are used by malicious actors
for various purposes, ranging from information theft to sending spam. As with
every other form of crime, more resources mean faster and better results. People
who write and operate such malware cannot manually log onto every computer they
have infected; instead they use botnets to manage a large number of infected
systems, and do it automatically. Often, such cybercriminals seek to infect and
control thousands, tens of thousands, or even millions of computers, so that
they can act as the master of a large 'zombie network' (or 'bot-network') that
is capable of delivering a Distributed Denial of Service (DDoS) attack, a
large-scale spam campaign, or other types of cyberattack. Various types of
people operate botnets. Criminal gangs use them to steal banking credentials
and commit fraud; pranksters use them to spy on webcams and extort their
victims. In some cases, cybercriminals establish a large network of zombie
machines and then sell access to the zombie network to other criminals, either
on a rental basis or as an outright sale. Spammers may
rent or buy a network in order to operate a large-scale spam campaign.

Bot programs can be planted on a machine or
device in many ways, and when a computer becomes part of a botnet, it can be
instructed, among other things, to send spam or make queries to overload one
or more websites. One common method for a bot program to get on a machine is
when a harmful website the user is visiting silently looks for and exploits a
vulnerability in the user's system to install the bot on it. The attacker
controlling the botnet is sometimes referred to as the 'botherder', 'operator'
or 'controller'.

Other popular ways include sending the bot as
a file attached to spam emails sent to the user, or as a program dropped from
the payload of another malware. Once the bot program is installed on the
device, it will try to contact the website or server where it can retrieve
instructions from the botherder. This site or server is known as the
command-and-control (C&C) server. An attacker with access to the C&C
servers uses a client program to silently send instructions over the Internet
(or another network) to the bot to perform various tasks, such as collecting
data, monitoring the user's actions and so on. Commands can be issued to a
single bot, or to all the bots in the botnet.

According to data from cybersecurity researchers
at Symantec, Turkey plays host to the highest botnet population. Behind Turkey,
Italy ranks as the second-most bot-populated country, with Hungary third. That
pattern is also reflected in the ranking of cities with the highest bot
population, with the Italian capital Rome in third, followed by the Hungarian cities
of Budapest and Szeged in fourth and fifth, according to the research from
Norton by Symantec. These parts of the world are an attractive target for
hackers because they're markets and cities which have recently seen a huge
increase in high-speed internet and connected devices but where security
awareness may be lagging.

The risks associated with botnets are
varied. One can have sensitive information stolen from the electronic device,
such as intellectual property, blueprints, or passwords giving access to
sensitive resources (for example online games). Infected computers can also be
used to overload servers or send spam. There are various types of
malware, each of which may be used to target a different group of users. These
days the line between corporate and personal devices and networks is very
blurry, so we could easily say both categories are equally at risk.

A user can find out whether his/her computer
is infected through various tools. The most typical would be to use a good
anti-malware product. For more tech-savvy users, using more sophisticated
diagnostic tools, or simply
looking at which processes are running on a computer and which programs are
installed, might reveal the presence of a botnet malware infection, although
sometimes it's not that easy to determine a botnet's presence.
However, it is important to understand that once a computer is infected, it
really doesn't belong to its owner anymore; it is operated and used by someone
who can be on the other side of the globe, potentially conducting all kinds
of illegal activities.
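
The article describes a bot contacting its C&C server to retrieve instructions, and suggests looking at what is running on the machine. As an added example (not part of the original article), this Python sketch flags any process that contacts one destination at near-constant intervals, assuming the check-ins are periodic. The log format, process names, addresses and thresholds are constructed for illustration.

```python
"""Flag processes that contact one destination at near-constant intervals."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "<epoch seconds> <process> <destination>".
# Process names and addresses are made up (documentation IP ranges).
SAMPLE_LOG = """\
1700000000 browser.exe 198.51.100.7:443
1700000004 svchelper.exe 203.0.113.10:8080
1700000019 browser.exe 198.51.100.7:443
1700000304 svchelper.exe 203.0.113.10:8080
1700000350 browser.exe 198.51.100.7:443
1700000602 svchelper.exe 203.0.113.10:8080
1700000611 mail.exe 198.51.100.25:993
1700000907 svchelper.exe 203.0.113.10:8080
1700001203 svchelper.exe 203.0.113.10:8080
1700001500 browser.exe 198.51.100.7:443
1700002900 browser.exe 198.51.100.7:443
malformed line
"""

def parse(log_text):
    """Yield (timestamp, process, destination); skip lines that do not parse."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2]

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return [(process, destination, mean_interval_s)] for regular check-ins.

    Flagged when a pair has at least min_events connections and the spread
    of the gaps between them (stdev / mean) is at most max_jitter.
    """
    times = defaultdict(list)
    for ts, proc, dst in parse(log_text):
        times[(proc, dst)].append(ts)
    flagged = []
    for (proc, dst), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append((proc, dst, round(avg)))
    return flagged
```

A flagged pair is a lead for investigation, not a verdict: legitimate software such as update checkers also polls on a fixed schedule.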

Whenever an infected
computer is found, it needs to be taken offline and cleaned as quickly as
possible. An effective collaboration between users, research groups, internet
service providers and law enforcement agencies greatly helps in fighting
botnets and bringing the people who operate them to justice.

