botnet

A botnet is a network of private devices compromised by malware and controlled as a group by an operator. The devices, or bots, can be computers, servers, smartphones, or Internet of Things devices; once infected, each runs software that reports to a controller. The operator issues commands through a command-and-control (C2) infrastructure, which may be centralized or distributed using peer-to-peer techniques. In the centralized model, bots periodically check in with a C2 server; in P2P models, bots relay commands to each other, which makes takedown harder.

Infections typically occur through malicious email attachments, drive-by downloads, exploit kits, or weak device security, including default passwords on IoT devices. Once a device is infected, it can be remediated by cleanup and patching, reimaging, or replacing compromised hardware.

Botnets are used for malicious activities such as distributed denial-of-service attacks, sending spam, participating in credential stuffing, click fraud, data theft, or clandestine cryptocurrency mining. They can operate at scale, with tens of thousands to millions of bots, and can target victims globally.

Attempts to detect and disrupt botnets include network monitoring, signature-based and behavior-based security, sinkholing, and takedowns of infrastructure used for C2. Users can reduce risk by keeping systems updated, employing strong authentication, segmenting networks, and using endpoint and network security software to detect unusual traffic patterns.

Notable botnets have included IoT-focused families responsible for large-scale DDoS and criminal operations that exploited compromised devices and servers worldwide.
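The periodic C2 check-in described above is one "unusual traffic pattern" network monitoring can pick out: a bot polling a fixed controller produces connection intervals far more regular than human-driven traffic. The following is an added example, not code from the original page; the hostnames, destination addresses and timestamps are constructed, and the thresholds are assumptions to be tuned per environment.

```python
"""Beaconing detector: flag (source, destination) pairs whose outbound
connections recur at a near-constant interval, the signature a centrally
controlled bot's periodic C2 check-in leaves in connection logs."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log: (timestamp_seconds, src_host, dst).
# "ws-17" polls 203.0.113.5 every ~300 s with small jitter (bot-like);
# "ws-04" reaches 198.51.100.9 in irregular bursts (user-like).
SAMPLE_LOG = [
    (0, "ws-17", "203.0.113.5"), (302, "ws-17", "203.0.113.5"),
    (598, "ws-17", "203.0.113.5"), (901, "ws-17", "203.0.113.5"),
    (1199, "ws-17", "203.0.113.5"), (1502, "ws-17", "203.0.113.5"),
    (5, "ws-04", "198.51.100.9"), (40, "ws-04", "198.51.100.9"),
    (700, "ws-04", "198.51.100.9"), (710, "ws-04", "198.51.100.9"),
    (1400, "ws-04", "198.51.100.9"), (1405, "ws-04", "198.51.100.9"),
]

def find_beacons(log, min_events=5, max_cv=0.1):
    """Return {(src, dst): (mean_gap, cv)} for pairs seen at least
    min_events times whose inter-connection gaps are regular, i.e. the
    coefficient of variation (stdev / mean) is at most max_cv (assumed
    thresholds). Bursty human traffic yields a CV well above 1."""
    times = defaultdict(list)
    for ts, src, dst in log:
        times[(src, dst)].append(ts)
    hits = {}
    for pair, ts_list in times.items():
        if len(ts_list) < min_events:
            continue
        ts_list.sort()
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg else 0.0  # avg 0 = duplicate stamps
        if cv <= max_cv:
            hits[pair] = (avg, cv)
    return hits

if __name__ == "__main__":
    for (src, dst), (avg, cv) in find_beacons(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: every {avg:.0f}s (cv={cv:.3f})")
```

A low CV is a triage lead, not proof: software updaters, NTP and monitoring agents also poll on fixed schedules, so hits should be correlated with destination reputation and process context before a host is treated as infected.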