A beginner’s guide to botnets

Botnets are one of the biggest threats facing users of the internet, yet they’ve somehow managed to stay below the radar of many consumers.

This phenomenon first emerged in 1999, when home internet connections were still a novelty and the combined processing power of many hijacked machines far outstripped what any single device could deliver.

Within a few years, botnets evolved into criminal enterprises, used to conduct mass data theft and other nefarious activities.

Today, a single botnet may encompass millions of infected devices around the world, including weakly protected Internet of Things (IoT) products such as webcams or bathroom scales.

Understanding these malevolent networks – and appreciating how to avoid them – is more important than ever in the IoT age.

The antisocial network

A bot is a software application capable of conducting repetitive, automated tasks very rapidly.

Many are entirely benign, such as the web crawlers search engines use to index webpages before ranking the results by relevance.

A botnet represents a more malevolent manifestation.

It is a network of infected devices that may have nothing in common beyond the malware that has enrolled them.

Trojans, worms, viruses and other malicious code stealthily take control of a device and place it under the direction of a Command and Control server (CnC, also written C2).

Whoever runs the CnC server harnesses the collective processing power and bandwidth of every enslaved machine for large-scale activities: mass distribution of spam emails, cryptocurrency mining, and so on.

Botnets are regularly used to crash websites by deliberately flooding servers with data requests – known as Distributed Denial of Service attacks, or DDoS.

They are also used to generate fake website traffic and advertising clicks, a practice known as click fraud.

How to identify a botnet

End users generally don’t see botnet activity taking place, but they may notice a sudden deterioration in performance as the computer’s resources are redirected elsewhere.

Another warning sign is error messages or crashes in antivirus software; for obvious reasons, malware payloads often disable antivirus tools or block them from being installed.

On older computers the hard drive light may flicker constantly even when the device isn’t being used, and the process list (Task Manager on Windows, top on Linux or macOS) may show heavy CPU use from an unfamiliar process while the machine should be idle.

A less common side effect involves unexpected pop-ups or difficulty visiting certain websites, though these more often indicate adware or spyware than a botnet.
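The symptoms above are what an end user notices on the machine itself. On the network side, the tell-tale sign is the bot polling its CnC server at regular intervals. The Python script below is an added example, not code from the original article: it parses a few constructed connection-log lines (the log format is invented for the example) and flags source/destination pairs whose connection timing is too regular to be a person browsing.

```python
"""Beaconing detector: flags hosts that contact the same destination at
suspiciously regular intervals, a common fingerprint of a bot polling its
CnC server. Added example, not from the original article; the log lines are
constructed and the log format is a hypothetical firewall export."""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: one outbound connection per line.
# 192.168.1.20 polls 203.0.113.7 every ~60 s (bot-like);
# 192.168.1.31 browses 198.51.100.9 at irregular, human-like intervals.
SAMPLE_LOG = """\
2024-03-01T10:00:00 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:00:03 src=192.168.1.20 dst=198.51.100.9:443
2024-03-01T10:01:00 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:02:01 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:03:00 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:04:00 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:05:01 src=192.168.1.20 dst=203.0.113.7:443
2024-03-01T10:00:10 src=192.168.1.31 dst=198.51.100.9:443
2024-03-01T10:00:47 src=192.168.1.31 dst=198.51.100.9:443
2024-03-01T10:03:15 src=192.168.1.31 dst=198.51.100.9:443
2024-03-01T10:09:02 src=192.168.1.31 dst=198.51.100.9:443
2024-03-01T10:09:30 src=192.168.1.31 dst=198.51.100.9:443
this line is malformed and is skipped by the parser
"""

LINE_RE = re.compile(r"^(\S+) src=(\S+) dst=(\S+)$")


def parse_log(text):
    """Group connection timestamps by (src, dst); malformed lines are skipped."""
    flows = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst = m.groups()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return {key: sorted(times) for key, times in flows.items()}


def interval_stats(timestamps):
    """Return (mean_gap_s, cv) for a sorted list of timestamps, where cv is the
    coefficient of variation of the gaps between connections: 0.0 means
    perfectly periodic. Returns None with fewer than three connections."""
    if len(timestamps) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(timestamps, timestamps[1:])]
    avg = mean(gaps)
    if avg <= 0:
        return None
    return avg, pstdev(gaps) / avg


def find_beacons(text, min_connections=5, max_cv=0.2):
    """Return [(src, dst, count, mean_gap_s, cv)] for flows whose timing is
    regular enough to look like a CnC poll, most regular first. Raise max_cv
    to catch bots that add jitter to their sleep interval."""
    hits = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < min_connections:
            continue
        stats = interval_stats(times)
        if stats is None:
            continue
        avg, cv = stats
        if cv <= max_cv:
            hits.append((src, dst, len(times), avg, cv))
    return sorted(hits, key=lambda h: h[4])


if __name__ == "__main__":
    for src, dst, n, avg, cv in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst}: {n} connections, every {avg:.0f}s (cv={cv:.3f})")
```

Legitimate software polls too (update checkers, mail clients, time sync), so a hit is a lead to investigate rather than proof of infection: find out which process on the flagged host owns the connection and who the destination is. Real bots often add random jitter to their sleep interval, so in practice you would raise max_cv and look over longer windows.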

Preventative measures

There is no definitive way to avoid becoming ensnared in a botnet, but certain measures should reduce the risk considerably:

  • Maintain up-to-date antivirus software. Desktop computers remain a prime target for botnet operators, so keep AV tools active and regularly updated, and install operating system and application security updates promptly
  • Avoid opening unsolicited email attachments or downloading software from unknown sources. Malware that is never run cannot enrol the machine in a botnet
  • Use a firewall. This could be hardware (the one built into a broadband router, or a dedicated box such as an old PC running firewall software between the network and the router) or the software firewall in the operating system. Either way, it is another barrier against malware, and against an infected machine reaching its CnC server
  • Change the default passwords on IoT devices such as webcams and routers, and keep their firmware updated. Default credentials are how many IoT botnets recruit their devices
  • Monitor device performance. A PC at idle should have roughly 95 to 98 per cent of its CPU free; sustained heavy load when nothing is running may indicate a problem.
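The last item, measured rather than eyeballed. The Python script below is an added example, not code from the original article: it reads the aggregate CPU counters from Linux's /proc/stat, computes the fraction of time the CPU was busy between two samples, and compares that with the 95 to 98 per cent free-at-idle rule of thumb above. The two snapshots embedded in it are constructed so the arithmetic can be followed without a live system; live sampling only works on Linux.

```python
"""CPU-at-idle check from /proc/stat: turns the 'too much CPU activity at idle'
symptom into a number. Added example, not from the original article; the two
/proc/stat snapshots below are constructed. Live sampling is Linux-only."""
import time

PROC_STAT = "/proc/stat"

# Constructed snapshots of /proc/stat taken a few seconds apart.
# Field order on the 'cpu' line: user nice system idle iowait irq softirq steal guest guest_nice
SAMPLE_BEFORE = "cpu  1000 0 500 8000 100 0 10 0 0 0\ncpu0 1000 0 500 8000 100 0 10 0 0 0\n"
SAMPLE_AFTER = "cpu  1400 0 600 8100 100 0 10 0 0 0\ncpu0 1400 0 600 8100 100 0 10 0 0 0\n"


def parse_cpu_line(text):
    """Return (idle_ticks, total_ticks) from the aggregate 'cpu' line.
    Idle time is idle + iowait; every field counts toward the total."""
    for line in text.splitlines():
        parts = line.split()
        if parts and parts[0] == "cpu":
            vals = [int(x) for x in parts[1:]]
            idle = vals[3] + (vals[4] if len(vals) > 4 else 0)
            return idle, sum(vals)
    raise ValueError("no aggregate 'cpu' line in input")


def busy_fraction(before, after):
    """Fraction of CPU time that was non-idle between two (idle, total) samples."""
    idle_delta = after[0] - before[0]
    total_delta = after[1] - before[1]
    if total_delta <= 0:
        raise ValueError("second sample must be later than the first")
    return 1.0 - idle_delta / total_delta


def looks_busy_at_idle(fraction, threshold=0.05):
    """The '95 to 98 per cent free' rule of thumb expressed as a busy threshold."""
    return fraction > threshold


def sample_live(interval_s=5.0):
    """Measure real CPU load over interval_s seconds (Linux only)."""
    with open(PROC_STAT) as f:
        before = parse_cpu_line(f.read())
    time.sleep(interval_s)
    with open(PROC_STAT) as f:
        after = parse_cpu_line(f.read())
    return busy_fraction(before, after)


if __name__ == "__main__":
    demo = busy_fraction(parse_cpu_line(SAMPLE_BEFORE), parse_cpu_line(SAMPLE_AFTER))
    print(f"constructed sample: {demo:.0%} busy, suspicious={looks_busy_at_idle(demo)}")
    try:
        live = sample_live()
        print(f"this machine: {live:.0%} busy over 5 s, suspicious={looks_busy_at_idle(live)}")
    except OSError:
        print("no /proc/stat on this system; skipping live sample")
```

An aggregate figure only tells you that something is busy, not what: follow up with top or Task Manager to identify the process, and take several readings over time, since a one-off high reading during an update or an antivirus scan is perfectly normal.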
