A botnet is like the flu. It spreads quickly, attacks devices with poor security and causes devastation in the network. It can easily infect computers, servers, mobile devices and Internet of Things devices.
It attacks devices connected to the Internet without their owners being aware. Once many devices are infected, an "epidemic" follows, during which all the infected devices are used to conduct DDoS attacks.
1. What is a botnet?
A botnet is a collection of hacked devices connected to the Internet which are remotely controlled by cybercriminals. A victim's computer is infected with malware, which allows the attacker to take over the device and use it to conduct attacks. Infected computers are called "bots" or "zombie-computers". A botnet searches the network for devices which lack proper security and infects them. Its aim is to infect as many devices as possible; these devices are later used to conduct an attack.
2. Botnet use
Botnets, which are made up of zombie-computers, are a very popular means of conducting DDoS attacks. They use the performance and capacity of the infected computers to send high volumes of traffic to a website, which leads to the site becoming unavailable. Botnets are also frequently used for distributing spam, spreading viruses, attacking computers and servers and committing many other types of crime.
In the hands of cybercriminals they are a very dangerous tool. They cause huge financial and reputational losses, while for hackers they are a source of profit. Cybercriminals use them to conduct DDoS attacks on e-shops, banks, government institutions and many other websites.
3. Be alert!
Botnet attacks are directed not only at companies but also at private individuals. To take over a computer, cybercriminals use accounts protected with weak passwords, or they send infected links, photos and files by e-mail, which we click on unaware of the danger.
Therefore, it is worth taking proper precautions to protect our devices against possible infection. Basic anti-virus protection will protect us against spam and warn us against clicking on dangerous URLs sent in spam or downloading malware (e.g. viruses).
4. Is your computer a part of a botnet?
Symptoms which indicate that your computer is infected with malware include:
- the computer runs more slowly,
- files and folders suddenly change or disappear completely,
- there are more error messages than usual,
- your bank suddenly asks you to provide personal details which were not required earlier,
- the fan suddenly starts up when your computer is idle.
These are only a few of the symptoms which may suggest that your computer is infected and someone is trying to use it as part of a botnet.
In order to check whether your computer is a zombie-computer, it is worth running an anti-virus scan. Such a program should detect and remove malware.
5. Secure yourself
Botnets are used in many DDoS attacks. Many of them overload server links and Internet service providers. In order to protect yourself against infection, it is worth installing an anti-virus program, updating software and using strong passwords which include letters, digits and special characters. It is also worth being careful when using USB devices, and not opening messages or downloading attachments from unknown senders.
6. Attacks with the use of botnets
The Zeus botnet, which infects devices with a Trojan, was detected in 2007. Currently, it is one of the most popular types of malware. Its targets were sensitive devices and systems, which it infected with the Trojan. Zeus bots were used for collecting financial information which was later used for sending spam and phishing. In 2009 it was estimated that the Zeus botnet had infected 3 600 000 hosts.
The Srizbi botnet is regarded as one of the largest botnets in the world. It was discovered in 2007. It was responsible for sending spam: 60 000 000 000 messages daily, which constituted half of all spam messages in the world. It was estimated that the Srizbi botnet comprised about 450 000 infected systems.
A botnet discovered by White Ops in 2016 earned from USD 3 000 000 to 5 000 000 by generating clicks on Internet advertisements. The botnet operated on dedicated servers in 800-1200 data centres in the USA and the Netherlands. Devices infected with Methbot could fake clicks, mouse movements, social network login information and geolocation. White Ops published a list of the false domains and IP addresses so that they could be blocked.
Mirai malware was detected in 2016; its botnet consisted of Internet of Things devices which were used to conduct DDoS attacks on a large scale. Mirai bots scanned IP addresses in order to identify devices vulnerable to attack. The Mirai software used dictionaries of logins and passwords to connect to a device. Once taken over, the devices were used for DDoS attacks.
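The dictionary logins described for Mirai leave a recognisable trace in a device's authentication log. As an added example (not part of the original article), this Python code flags source addresses that fail logins under many different usernames within a short window. The sshd-style log lines, the host name and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd log format (not real traffic).
# Addresses come from documentation ranges; "cam01" is a hypothetical host.
SAMPLE_LOG = """\
Oct 21 03:14:01 cam01 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Oct 21 03:14:03 cam01 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40113 ssh2
Oct 21 03:14:05 cam01 sshd[813]: Failed password for invalid user support from 203.0.113.7 port 40114 ssh2
Oct 21 03:14:07 cam01 sshd[814]: Failed password for invalid user guest from 203.0.113.7 port 40115 ssh2
Oct 21 03:14:09 cam01 sshd[815]: Failed password for invalid user user from 203.0.113.7 port 40116 ssh2
Oct 21 09:30:12 cam01 sshd[902]: Failed password for alice from 198.51.100.20 port 51500 ssh2
Oct 21 09:30:40 cam01 sshd[903]: Failed password for alice from 198.51.100.20 port 51502 ssh2
Oct 21 09:31:02 cam01 sshd[904]: Accepted password for alice from 198.51.100.20 port 51504 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def find_dictionary_sources(log_text, min_users=4,
                            window=timedelta(minutes=1), year=2016):
    """Return {source_ip: usernames tried} for sources that failed logins
    under at least min_users distinct usernames inside one time window."""
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies one.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            attempts[m["ip"]].append((ts, m["user"]))
    flagged = {}
    for ip, events in attempts.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            if len({u for _, u in events[start:end + 1]}) >= min_users:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged


if __name__ == "__main__":
    for ip, users in find_dictionary_sources(SAMPLE_LOG).items():
        print(f"{ip}: {len(users)} usernames tried: {', '.join(users)}")
```

A user who mistypes their own password a few times, like the second source in the sample, is not flagged because only one username is involved.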
In 2017 the Siren botnet created over 90 000 false profiles of young women on Twitter. The posts of these bots encouraged users to click a link attached to the post. The link redirected to erotic websites or dating services. ZeroFOX reported that the Siren botnet generated 8 500 000 tweets and 30 000 000 clicks on the links.
Currently, botnet malware applies more sophisticated methods. Technological development and the spread of the Internet of Things extend the scale of botnet attacks. Therefore, you must be careful when clicking on messages and links from an unknown source, and you must keep anti-virus and other programs up to date.