What is a botnet?
The term “botnet” refers to a collection of computers that have been affected by malicious software, or malware, that allows remote execution of various actions. Computers affected by these viruses tend to use Internet Relay Chat (IRC) to communicate back to a Command and Control Server (C2 Server). A C2 server acts as a beacon that computers within the botnet contact to receive new instructions regarding future actions.
If a computer is affected by such malware, the user may not be able to tell that their system has ever been infected. This is because the primary goal of the botnet malware is not to get money from the user or hinder their experience like other viruses often do, but rather to be invisible to the user so they never realize their system is being co-opted for other activities. The purpose of a botnet may vary, but the core principle is to have a collection of machines working on a goal collectively for greater efficiency without having to worry about the computing power. The most common uses of a botnet include Distributed Denial of Service (DDoS) attacks and spam, but botnets have even mined cryptocurrency.
A DDoS attack, in short, is an attack that brings down a service by flooding it with a large amount of traffic in a narrow time frame. For a DDoS attack to be successful, you need two primary attributes: coordination and magnitude. Both of these attributes make using a botnet particularly appealing to those looking to carry out such an attack. With the control of an immense botnet, all that is left to do is pick a time and target to carry out your attack. Compared to a DDoS attack, spam may seem like a waste of computing power, but spam is the fundamental means of travel for malware. Spam will allow the botnet to grow, or it may be used to spread a different type of malware altogether. Although DDoS attacks and spam are common uses, a botnet may be configured to carry out any action imaginable – especially those that would benefit from the vast amount of computing power.
How to avoid being part of a botnet
Protecting your computer from joining the ranks of a malicious botnet can be done with simple countermeasures that recur in most processes of securing your system. First off, make sure to have an updated antivirus on your machine. This will passively catch any suspicious activity that may be present. It is also recommended to do an active scan of your machine every so often, or set up a scheduled scan, with your antivirus. This will check to see if any unwanted files have made it onto your computer. Lastly, be aware that although botnet-creating malware may be intended to subdue your computer to act in accordance with the botnet, nothing keeps a malicious entity that has infected your computer from browsing all your personal data. If you believe you have been part of a botnet, or infected by any other virus, a safe subsequent step may be to lock down (change the password(s), etc.) any and all accounts for which you have sensitive data on your computer, or that you have accessed recently.
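Because botnet malware tends to use IRC to reach its C2 server, as described above, a defender can also look for IRC client registration in outbound traffic. The following is an added example, not part of the original article: the flow tuples, host names and addresses are constructed, and the port set reflects common IRC conventions rather than anything the article states.

```python
import re

# Ports conventionally used by IRC (6697 is IRC over TLS); an assumption, not a guarantee.
IRC_PORTS = set(range(6660, 6670)) | {6697}

def parse_irc_line(line):
    """Return the command of one IRC message, or None if the line is not IRC-shaped."""
    line = line.strip()
    if line.startswith(":"):              # optional prefix, e.g. ":nick!user@host "
        _, _, line = line.partition(" ")
    m = re.match(r"([A-Za-z]+|\d{3})(?: |$)", line)
    return m.group(1).upper() if m else None

def looks_like_irc(payload: bytes) -> bool:
    """True when the first client bytes carry both NICK and USER registration commands."""
    text = payload.decode("ascii", errors="replace")
    cmds = {parse_irc_line(l) for l in text.split("\r\n") if l}
    return {"NICK", "USER"} <= cmds

def flag_flows(flows):
    """flows: iterable of (src_host, dst_ip, dst_port, first_client_bytes)."""
    findings = []
    for src, dst, port, payload in flows:
        by_protocol = looks_like_irc(payload)
        if by_protocol or port in IRC_PORTS:
            # A handshake match catches IRC on non-standard ports; a port-only
            # match covers encrypted sessions where the payload is unreadable.
            reason = "irc-handshake" if by_protocol else "irc-port-only"
            findings.append((src, dst, port, reason))
    return findings

# Constructed sample flows using documentation addresses (RFC 5737); not real traffic.
SAMPLE_FLOWS = [
    ("ws-014", "203.0.113.10", 443,  b"\x16\x03\x01\x02\x00\x01\x00"),
    ("ws-022", "198.51.100.7", 6667, b"NICK guest123\r\nUSER guest 0 * :guest\r\n"),
    ("ws-031", "198.51.100.9", 8080, b"NICK x9f2\r\nUSER x9f2 0 * :x\r\nJOIN #chan\r\n"),
    ("ws-040", "192.0.2.55",   6697, b"\x16\x03\x01\x02\x00\x01\x00"),
    ("ws-051", "203.0.113.20", 80,   b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
]

if __name__ == "__main__":
    for finding in flag_flows(SAMPLE_FLOWS):
        print(finding)
```

A match is a lead for investigation rather than proof of infection, since IRC also has legitimate users; what matters is whether the machine's owner knowingly runs an IRC client.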