What is a botnet

The word botnet is formed by joining the words bot and net: bot is short for robot, and net for network. In a one-line definition, a botnet is a network of infected computers that is used to harm the computers' owners and others. It is known as a robot network because it is "controlled" by its master handlers or owners. These handlers turn each infected machine into a zombie, which has no choice but to "obey" their commands. The owners of the infected computers don't even know that their machines are infected.

 

Botnets remain the worst problem for computer security professionals. A botnet-infected computer can be used for anything from stealing data from the local machine to targeting and sabotaging remote machines. Botnets are used to collect information such as usernames and passwords from an infected machine, which can lead to compromised credentials, for example the username and password you use to log on to your bank's website.

A bot can also destroy important documents or send them to its handlers: financial spreadsheets, CAD drawings, and confidential documents that could be used in identity theft. In some cases, the infected machines are used as mail servers to send spam emails, or to produce ad clicks that generate ad-based revenue for certain websites. The most malicious use of an infected machine is to infect other machines, make them part of the same network, and then launch a DDoS (distributed denial-of-service) attack on another network or website. When a DDoS attack is launched, the website or network under attack is so overwhelmed by requests that it simply can't keep up and shuts down, denying service to legitimate customers.

Because infected machines and their payloads can differ so much from one another, the infection is hard to detect. The most common source of infection is IRC (Internet Relay Chat), where users join a chatroom, are sent a "file" by another infected user, and accept the transfer. Malware-infected websites are also a big source of this problem.

You must stay protected by having multiple layers of protection on your network and machines. You must have a firewall on your network (even if it's a small router-based one). In addition, your machines must have anti-spyware and antivirus clients installed, and these must be set to update regularly. There are even some online services, such as one from Microsoft (see an article we did about Microsoft's Live OneCare), that can scan your machine for infections. Even with all the right software installed, you must do your own due diligence to avoid being infected: do not accept file transfers from unknown sources, do not open emails (with or without attachments) from sources you do not trust, run regular virus and spyware scans of your machine, and keep your machine updated with all the patches and security updates from your OS vendor.

 
