Botnets – “Resistance is Futile”… or is it?

Short for robot network, a botnet is a collection of computers and devices communicating with each other over the internet, all controlled by the ‘bot master’.

Imagine the Borg from Star Trek: a collective of infected (assimilated) devices with the intent of controlling others and completing nefarious tasks along the way.

The difference between the Borg and a botnet, however, is that the botnet is usually commanded by a cybercriminal: the bot master.

A cybercriminal using a robot network needs to acquire as many infected devices (‘bots’) as possible during their campaign; the bigger the network of bots, the bigger the impact it will have.


How does your device get infected?

There are a number of ways in which a device can become infected and join the collective, but the most common are opening an email attachment that contains malware or visiting a website that has been infected.


How are botnets used?

In many cases botnets are used by cybercriminals for the sole purpose of financial gain, although botnets have also been used for social and politically motivated reasons.

A cybercriminal ultimately uses a botnet to make your device, along with all the others in the network, commit online offences. Common uses of a botnet include:

  • Sending out millions of spam emails. Many of these emails will contain malware that, if downloaded, will conscript the device into the service of the bot master. The malware could also contain a RAT (Remote Access Trojan), which could be used to log keystrokes or to control your device’s web camera or microphone.
  • Using your device and its bandwidth, along with all the others in the network, to perform a DDoS (distributed denial-of-service) attack without your knowledge. Simply put, this floods a website or server with so much traffic that it cannot cope, degrading its performance; a full-scale DDoS attack would take the targeted system offline.
  • Creating fake internet traffic on third-party websites.
  • Crypto-mining. In a similar way to using your device and its bandwidth for a DDoS attack, cybercriminals use the collective’s processing power to complete the required transaction and update the blockchain before their competitors, and are paid for doing so.

How to prevent your device being assimilated?

Malware is ever evolving: with every defence devised, a new threat is developed. But resistance is not futile; there are a few actions we can all take to prevent the spread of infection:

  • Do not open any files attached to, or click on any links within, emails from unknown sources or suspicious senders.
  • Be cautious when clicking on links in social networking posts.
  • Check with friends or colleagues before opening unexpected emails from them; it could be the case that their device has been compromised.
  • Only use USB-connected devices, e.g. memory sticks, from trustworthy sources.
  • Be cautious when downloading free software or receiving / sharing software from unknown sources.
  • Ensure you have the latest version of anti-virus software installed, and keep it and all other software up to date.