
How Botnets Work


A huge chunk of Internet traffic isn’t generated by human beings. Rather, it comes from automated software, or bots, that engage in various online activities. That includes crime. Thousands of users fall victim to malware on a regular basis, and their computers end up becoming members of hacker-controlled botnets. Your computer may already be a component of one of these nefarious networks too.

What Is a Botnet? How Does It Work? What Does It Do?

Short for robot network, a botnet is a large system of computers that are linked together via the Internet. These computers are under the control of a remote computer, often called the command-and-control (C&C) server, which the botnet operator uses to send task instructions to each computer and to coordinate their actions.

Botnets have legitimate uses in distributed computing. Stanford University, for instance, enlists the help of personal computers across the world for Folding@home, a project that simulates protein folding for the purpose of designing better drugs and treatments for illnesses. The SETI@home project, meanwhile, asks users to install automated software on their home computers that helps analyze radio signals in the hopes of detecting intelligent life forms on other worlds. Volunteer computers use their spare system resources to work collectively for one purpose, and together they yield results faster and better than the computers could individually.

Indeed, a botnet can be a force for good, but the term, unfortunately, carries a negative connotation due to its wide use by cyber criminals for malicious, automated tasks. These tasks include sending spam, spreading additional malware, recording keystrokes and sensitive information, launching distributed denial-of-service (DDoS) attacks, and committing click fraud on pay-per-click advertisements. Botnets can also serve unwanted ads, act as Internet proxy servers or use system resources for mining the digital currency Bitcoin. Simply put, these tasks are all about money. Cyber criminals can even put their botnets up for sale or rent to other cyber criminals.

To do all this, cyber criminals make sure their botnets can expand and actively look for computers to infect. Of course, no rational users would allow their PCs to be part of botnets, which is why cybercriminals exploit security vulnerabilities to turn computers into zombies that run bots, the automated software that performs tasks as instructed. Cybercriminals can also take advantage of human error and use confidence tricks to dupe gullible users into letting bots onto their computers without realizing the consequences.

What Are Some Common Botnets, and How Prevalent Are They?

Several botnets have vastly increased in size to reach their full potential. The largest botnets often consist of hundreds of thousands (if not millions) of computers.

Srizbi

In 2008, Srizbi was considered the biggest botnet the web had ever seen. It compromised 300,000 computers around the world and distributed 60 billion spam messages every day. This massive number accounted for 50 percent of spam at the time.

Grum

Grum was responsible for more than one-fourth of the world’s spam, with the primary focus on pharmaceutical advertisements. It was active for about four years, from 2008 to 2012, and distributed 39.9 billion unwanted messages on a daily basis. At the time, Grum was the third largest botnet in the world, having infected up to 840,000 computers.

Storm

Storm was noted to be one of the first to utilize peer-to-peer networking, in that it controlled zombie computers not through a dedicated C&C server but rather through a decentralized structure. The combined computing power of this botnet surpassed the computing power of some of the world’s supercomputers, allowing it to launch several DDoS attacks with relative ease. The lack of a central server made Storm difficult to take down, but several factors caused the botnet to start declining in late 2007.

Note that security researchers and law enforcement agencies work together to take down botnets. Unfortunately, botnets that have been taken down sometimes end up resurfacing a few days later, especially if the attackers behind the botnets remain at large.

How Do You Know That Your Computer Is Already Part of a Botnet?

According to the FBI, 18 botnet infections happen every second. That adds up to more than 500 million infected computers per year. It’s possible that your computer may already be one of these compromised computers, and you’re just not aware of it.

To confirm the presence of a bot or automated software on your computer, look for indications of malware infection. These include erratic system behavior (freezing, crashing, and apps opening and closing on their own), frequent error messages, abnormally low system memory, and unusually high Internet bandwidth usage. You may also notice an increase in your computer’s electricity consumption because of a bot infection.

Then again, your computer may not show these symptoms while the bot remains in a dormant state and waits for instructions from its operator. And just because your antivirus hasn’t alerted you about any suspicious activity doesn’t necessarily mean your computer is clean. New botnet threats emerge every day, and security vendors cannot always keep up and enhance their products with protection updates.

Do note that there are legitimate programs that download in the background. These include your apps and operating system, which download their silent updates automatically. It’s important that you distinguish this network bandwidth consumption from the bandwidth usage caused by malware.
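One way to separate update traffic from bot traffic is to attribute bandwidth to individual processes. The following is an added example, not part of the original article: the connection records, the process names, the `EXPECTED_BACKGROUND` allowlist and the thresholds are all constructed assumptions. It flags processes that upload more than they download or that talk SMTP directly to several mail hosts, which matches the spam-sending behavior described earlier rather than a download-heavy update.

```python
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample data (not from the article): one row per connection,
# in the form a per-process network monitor could export.
# Columns: process, remote_ip, remote_port, bytes_sent, bytes_received
SAMPLE_LOG = """\
updater.exe,203.0.113.10,443,18000,52000000
updater.exe,203.0.113.11,443,9000,31000000
browser.exe,198.51.100.7,443,240000,6100000
helper32.exe,192.0.2.21,25,410000,900
helper32.exe,192.0.2.22,25,395000,850
helper32.exe,192.0.2.23,25,402000,910
helper32.exe,192.0.2.24,25,388000,870
"""

# Assumption: programs the user expects to transfer data in the background.
EXPECTED_BACKGROUND = {"updater.exe", "browser.exe"}


def summarize(log_text):
    """Total bytes and distinct SMTP peers per process."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "smtp_hosts": set()})
    for row in csv.reader(StringIO(log_text)):
        if not row:  # tolerate blank lines in an export
            continue
        proc, ip, port, sent, received = row
        stats[proc]["sent"] += int(sent)
        stats[proc]["received"] += int(received)
        if int(port) == 25:  # direct mail delivery, unusual for a home PC
            stats[proc]["smtp_hosts"].add(ip)
    return dict(stats)


def flag_suspicious(stats, expected=EXPECTED_BACKGROUND,
                    min_upload=1_000_000, min_smtp_hosts=3):
    """Return {process: [reasons]} for traffic that does not look like an update."""
    findings = {}
    for proc, s in stats.items():
        reasons = []
        if proc not in expected and s["sent"] >= min_upload and s["sent"] > s["received"]:
            reasons.append("unexpected process uploads more than it downloads")
        if len(s["smtp_hosts"]) >= min_smtp_hosts:
            reasons.append("direct SMTP to %d mail hosts" % len(s["smtp_hosts"]))
        if reasons:
            findings[proc] = reasons
    return findings
```

On the constructed sample, `flag_suspicious(summarize(SAMPLE_LOG))` reports only `helper32.exe`; a flagged process is a reason to scan the machine, not proof of infection.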

If you want a proactive method to detect existing bots on your computer, use Microsoft’s on-demand utility Safety Scanner.

How Do You Protect Your Computer From a Bot?

As mentioned above, takedowns by law enforcement agencies don’t always cripple botnets, as they can easily come back into operation when the cybercriminals remain uncaught (or when other criminals take over the operation). Computer protection against botnets, therefore, heavily relies on the user. A good antimalware program with an up-to-date scanning engine is a start, along with other essential security software. In fact, experts agree that Grum and other botnets wouldn’t have existed if users worldwide provided their computers with sufficient protection.

This doesn’t mean you should relax just because you have security software on your system. You must still exercise constant vigilance, playing an active role in protecting your computer. Remember to update every installed program on your computer (including the operating system) and uninstall apps and plugins that are prone to have security holes, such as Java. Don’t be tempted to support piracy to avoid spending on commercial software. Pirated applications have a high chance of carrying payloads of malware.
