May, 2019


Botnet Attack

The most dangerous hackers can break into people’s accounts, trick them into handing over personal information, send out annoying or dangerous spam, spread fake websites, infect millions with malware and deny access to entire portions of the internet. Much of this would be impossible without one of the most dangerous and common tools in the hacker’s toolkit: the botnet. Sadly for us, botnets are very real and help cybercriminals carry out a range of malicious activities with little difficulty. If you are wondering what a botnet is, let us introduce you to it.

What Is A Botnet?

A botnet is a network of infected computers working under the command of a single master computer. The machines work together towards one goal, whether that is stealing your private information or further infecting your device. Some might perceive it as a simple tool, but in reality it is a powerhouse that lets hackers attempt the worst attacks possible.

A Botnet Works On The Basis Of Two Things:

  1. It needs a large network of infected devices, known as “zombies”, which cyber attackers use to do the grunt work and heavy lifting for whatever scheme they have planned.
  2. It needs someone to command it, frequently called the Command and Control centre, or “bot herder”.

Once these two things are in place, the botnet is ready to cause mayhem on several PCs at the same time.

To put it simply, “botnet” is a combination of ‘bot’ and ‘network’. The term was first coined in 2001 by EarthLink Inc. The company is the third largest internet service provider and has been a staunch advocate of online privacy, going the extra mile by running advertisements promising to go after those who abuse it. In 2000, a notorious spammer, Khan C. Smith, used the company’s network to send an estimated 1.25 billion junk e-mails. He racked up 3 million dollars by running the biggest spam network ever discovered. The scheme backfired on Mr. Smith: he lost a lawsuit and had to pay 25 million dollars to EarthLink. The man suffered a net loss of 22 million dollars, and the case exposed how dangerous this technology could be.

Botnets Are Quite Versatile, And There Are Two Ways An Individual Could Fall Victim To One:

  1. You can be attacked by a botnet-powered scheme, or
  2. Your device could join one of these worldwide hacker networks.

How Do Botnets Really Work?

Botnets have a lot of nuts and bolts that are hard to understand, but we will focus on the broad strokes of how this particular threat works. You will get an idea of their magnitude and the risk they pose to everyone who uses the internet.

A lot of people have built careers on getting computers to talk to each other. Running a network matters, but figuring out how to set it up efficiently is vital too. So, again, there are two primary ways in which botnets are set up:

  1. The Client-Server model
  2. The Peer-to-Peer model

  • The Client-Server model

This is the old-fashioned way, where the ‘zombies’ receive instructions from a single location, typically a website or a shared server. It was sufficient in the early days, but it was also easy to shut down: take down the website or server and the whole system crumbles.

  • The Peer-to-Peer model

The Peer-to-Peer model is a more advanced version of the Client-Server model, and it fixes the weakness just described. In a peer-to-peer botnet, a few infected machines communicate directly with other machines on the network. Those few connect to a few more, which in turn connect to even more devices. This way the whole system is strung together, so removing one or two devices doesn’t solve the problem, because the others pick up the slack.

In both cases, the hacker issues command and control messages carrying a digital signature, and those commands then propagate through the entire botnet.

How Do Botnets Come Into Existence And Spread The Infection?

The network has been set up, but now it needs devices to join it. That is done with another malicious tool most of you will have heard of: the Trojan.

For those who don’t know, a Trojan is a piece of malicious software that tries to slip onto a computer by pretending to be something completely harmless. Trojans are commonly delivered as part of phishing emails and are also found in pirated software. They also sneak onto computers through malvertising attacks. For understanding botnets, it doesn’t matter how hackers get into the device. What matters is what they do once they gain access.

When a Trojan gets onto the computer, it opens a backdoor through which the hackers can access and control aspects of the device and other devices connected to it. Trojans don’t give hackers a lot of access, but it is enough to effectively run a botnet. Once enough computers have their built-in backdoors open, the hacker combines them into a network and the botnet is created. Voila! Half of the job is done.

What Can Hackers Do With A Botnet?

You really don’t want to know, but we will answer the question anyway. A botnet lets hackers do two things:

  1. Send things out quickly, and
  2. Make every computer do the same thing at the same time.

But add a little creativity and such simple tools become really dangerous. Unluckily for us, hackers have found many ways to use botnets to do pretty awful things.

  • Spam Attack

As mentioned earlier, botnets were first created to facilitate phishing and spam attacks. It is easy to write some spam and send it to everyone on your contact list, but that would hardly bother anyone. What is far more effective is having millions of computers send out as much spam as possible to as many inboxes as they can, so the spam spreads fast and hits as many people as it can. Fortunately for cybercriminals, this is exactly what a botnet can do.

  • Affect Millions With Malware

Cybercriminals spend years crafting the perfect virus, so would they be happy sending it to just a few people? No! They are determined to share it with the world. Just as spam aims to reach as many people as possible, malware is at its most effective when it hits thousands and thousands of people.

In case you don’t know, malware doesn’t really have a long shelf life. A single strain can only exist for an hour before an antivirus updates itself, making the malware obsolete. So in order to succeed, hackers try to infect as many devices as possible, or else bunker down to avoid antivirus scans. With the help of a botnet, they push it to as many people as they can in a short time frame, especially if it spreads through email or an open network.

  • DDOS Attacks

Many times we try to access a website and cannot make a connection. Often the culprit is a DDoS attack. If you are wondering what DDoS does: it is the malicious practice of having a lot of ‘zombies’ crowd a website at once, slowing it to a crawl. Anyone trying to reach the website will find it terribly hard to access.

Hackers DDoS sites a lot, for a number of reasons. There is usually no financial gain in it; they do it as a form of protest or mockery. But why they do it doesn’t matter. They use the botnet to have a lot of computers try to reach the same site at the same time, and that is all it takes to pull it off.

  • Sharing Passwords

Hackers love breaking into your account using something called a Brute Force attack. Obviously, hacking into someone’s account is not an elegant affair.

Still wondering what a Brute Force attack is? Without going into much detail, this type of attack tries every combination of words, phrases, letters and special symbols it can until it gets the password right by sheer chance. When specific words and word variants are used, it is more specifically called a Dictionary Attack. This is undoubtedly the most common way of cracking passwords.

The problem hackers face is that most websites only allow a limited number of password attempts from a single computer or IP address before locking it out. So, technically, a Brute Force attack is hard if you only get five chances. To get around this, hackers use a botnet. Every system on the network tries as often as it can before it gets locked out. With so many systems and enough time, the password becomes easy to crack.
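The weakness described above is that a per-IP lockout never trips when each bot stays under the limit. The following is an added example, not code from the original article: it runs both a per-IP count and a per-account count over a constructed login log (the log format and the IP addresses are made up for illustration) and shows that only the per-account view exposes the distributed attempt.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the article): a web login service that
# writes one line per attempt. Six different addresses each fail once on the
# account "alice"; "bob" fails twice from a single address.
SAMPLE_LOG = """\
2019-05-02T10:00:01Z login FAIL user=alice src=203.0.113.10
2019-05-02T10:00:02Z login FAIL user=alice src=198.51.100.7
2019-05-02T10:00:03Z login FAIL user=alice src=192.0.2.44
2019-05-02T10:00:04Z login FAIL user=alice src=203.0.113.77
2019-05-02T10:00:05Z login FAIL user=alice src=198.51.100.200
2019-05-02T10:00:06Z login FAIL user=alice src=192.0.2.9
2019-05-02T10:00:07Z login FAIL user=bob src=203.0.113.10
2019-05-02T10:00:08Z login FAIL user=bob src=203.0.113.10
2019-05-02T10:00:09Z login OK user=carol src=198.51.100.7
"""

LINE_RE = re.compile(r"login (?P<result>FAIL|OK) user=(?P<user>\S+) src=(?P<src>\S+)")


def parse_failures(log_text):
    """Yield (user, src) for every failed attempt; successes are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("result") == "FAIL":
            yield m.group("user"), m.group("src")


def per_ip_lockouts(log_text, limit=5):
    """The classic defence: source IPs that reached the failure limit."""
    counts = defaultdict(int)
    for _, src in parse_failures(log_text):
        counts[src] += 1
    return sorted(ip for ip, n in counts.items() if n >= limit)


def distributed_targets(log_text, min_sources=5):
    """Per-account view: accounts failed on from many distinct source IPs,
    which is the footprint of a botnet spreading attempts across machines."""
    sources = defaultdict(set)
    for user, src in parse_failures(log_text):
        sources[user].add(src)
    return sorted(u for u, s in sources.items() if len(s) >= min_sources)


if __name__ == "__main__":
    print("per-IP lockouts:", per_ip_lockouts(SAMPLE_LOG))          # []
    print("distributed targets:", distributed_targets(SAMPLE_LOG))  # ['alice']
```

In practice the per-account rule would feed an alert or a step-up challenge for that account rather than a lockout, since locking the account itself hands the attacker an easy denial of service.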

How To Keep From Joining A Botnet?

A botnet infection is just another piece of malware, and you can keep yourself safe from it the same way you protect yourself from any other malware:

  • Don’t download things you don’t trust,
  • Don’t click online ads,
  • Don’t fall for phishing emails,
  • Keep a powerful antivirus on your computer, like REVE Antivirus.

If your PC has already joined a botnet…

If you have already made the mistake of joining a botnet, things get a little complicated, because Trojans and rootkits tend to stay hidden from antivirus software. If your PC shows the symptoms of being part of a botnet but the antivirus isn’t doing anything, you have two choices:

  • Do A Factory Reset: it will surely get rid of the problem, but everything else on your computer will be gone too.
  • Run a Boot-Time Scan: it can catch deeply rooted malware by scanning the system before the OS starts up, so the malware can neither hide from it nor stop it.

Without a second thought, the latter option is better than the former.

Slay The Botnet

Breaking up a botnet operation isn’t really the job of the average consumer. Law enforcement has to take on this task and slay the botnet by taking out the Command and Control Centre. They can do that either by finding the machine that acts as it and shutting it down, or by keeping the hackers from being able to access it themselves.

With the Client-Server model this task is easy, as there’s only one source that links back to every infected device. They just have to find it and cut it off. For this reason, hackers opt for the Peer-to-Peer model, where any device on the system could, in theory, act as the Bot Herder. The professionals can’t just cut one and be done with it. They have to find every single Bot Herder and remove it from the system. It looks like tiresome work, but it has to be done.

Summing It Up

Zombies are fun only in horror movies or video games; losing control of your computer is the opposite of fun. Now you know what a hacker can do with a botnet, but it is good to know that there is an even greater tool that can halt their operations: a strong antivirus like REVE Antivirus.

There’s more good news: the number of active botnets and infected devices has been declining worldwide. So if we follow good online habits and use a strong antivirus, we can possibly get rid of botnets once and for all.

The Author

Abhijeet Guha

Abhijeet is an active blogger with decent experience in the IT Security industry. He researches on various topics related to cyber security and pens down his research in the form of articles & blogs. You can reach him at abhijeet@reveantivirus.com.