
Malware spotlight: What are botnets?

Introduction

They say simple plans are the most likely to succeed, and this adage definitely carries over to the world of cybersecurity. It applies just as well to attackers: simple attack strategies are the ones most likely to succeed.

Botnets are the attacker’s version of putting this saying into practice, and this article will provide a high-level overview of these instruments of simplicity. We’ll explore what botnets are, the two main botnet structures, different attacks typically launched by botnets and how to protect against them. If you are a bit in the dark regarding how simplicity applies to botnets, this article will help you understand how it all ties together.

Simplicity, huh?

From the attacker’s perspective, absolutely. Consider this: during an attack campaign, multiple systems may have malware installed on them. These systems may be spread all over the world, in different countries and definitely on different networks. 

A ham-handed approach to managing all of these compromised systems is to manually log into each one of them during the attack. This ends up becoming a gigantic mess in which the attack progresses only as fast as the attacker can work.

No attack campaign, for obvious logistical reasons, works like this. Rather, attackers use what is called a botnet, where just a few clicks on the attacker’s end result in all compromised systems working together. Simply put, botnets turn an unmanageable mess into a plan that is both simple and efficient.

What is a botnet?

Botnet is a strange name because it is a portmanteau, or combination of two different words. The first part of the name comes from “robot” because compromised systems that have the attacker’s malware installed are like robots or zombie slaves doing the attacker’s bidding. The second portion of the name comes from (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/lNm149gANao/