Botnets are a sophisticated form of malware. A botnet is a group of computers controlled remotely by an attacker. The computers are typically distributed all over the Internet making them difficult to track down and almost impossible to shut down. It is believed that most botnets are operated by criminals for financial gains.
The early computer viruses were mostly made for fun or fame. Many of them were annoying but did no real damage; a few were harmful, but they seldom survived for long. None of them brought in any money for their creators. Things have changed a lot since those days: nowadays malware can be a very lucrative business, and the most lucrative malware of all is the botnet.
So what is a botnet? A botnet is a collection of computers that have been infected so that they can be controlled remotely. Botnets can be made up of a huge number of infected computers; the largest botnets consist of hundreds of thousands of machines. The person controlling the botnet is known as the botnet operator or the bot master.
Many viruses are easy to detect (unfortunately, sometimes only after they have damaged the computer), but botnets are very difficult to detect. The whole point of a botnet is to control as many computers as possible for as long as possible. This can only be achieved through stealth, by making the malware as unobtrusive as possible. The infected computer is only used for small tasks that do not put much load on it.
The main use of botnets is to send spam email, everything from promoting overpriced products to phishing for login information. But botnets can be used for many other purposes. DDoS (distributed denial of service) attacks are often suspected to originate from botnets. They can also be used to generate fake web traffic, so-called click fraud. The botnet software can also include spyware used for identity theft.
Controlling a huge number of computers all over the world can be profitable. It is believed that many of the largest botnets are controlled by organized crime. These organizations can pay for skillful programmers, which explains why many botnets are very sophisticated, far beyond the level of normal computer viruses.
Botnets used to be controlled from one central point, which made it easy for the botnet operator to control the infected computers. But it was also a single point of failure, and it made a botnet relatively easy to detect and destroy. That said, the infected computers of a botnet that has been shut down can often be taken over again by the same operator using a new central server. The botnet operators quickly realized that if the botnet was controlled from one single computer, the whole network was very vulnerable. Therefore, centralized botnets are nowadays often managed by a few computers, giving the bot master the ability to control the network even if one of the central servers is compromised.
But botnets that are managed from a few servers are still relatively easy to block. To make botnets more difficult to destroy, peer-to-peer (P2P) botnets have been developed. In these networks every peer, that is every infected computer, can act as a control server. Such botnets are much harder to detect and shut down, since there is no single point of failure.
Protecting yourself against botnets is done in the same way as against ordinary computer viruses: make sure that you install all security patches and use anti-virus software. But botnets often use a number of attack techniques. They frequently scan networks for vulnerable computers, which can make it very difficult to get rid of a botnet once it gets inside your network.
Anti-virus programs are good at removing botnets from your computer, but botnets have started to become polymorphic, making it more difficult for virus scanners to detect them. The problem with botnets has become so large that ISPs are cooperating to block the control traffic.
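The internal scanning described above is one of the behaviours a defender can look for on the network itself, rather than on each host. The following is an added example, not code from the original article: it runs a simple sliding-window detector over constructed flow records (timestamp, source, destination, destination port) and flags any source that contacts many distinct internal hosts on the same port within a short window. The field layout, thresholds and addresses are all assumptions made for the example.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample flows: one host (10.0.0.23) sweeping ten neighbours on
# port 445 within ten seconds, plus a normal host talking to a file server.
SAMPLE_FLOWS = [f"2024-01-10T09:00:{i:02d} 10.0.0.23 10.0.0.{100 + i} 445"
                for i in range(1, 11)] + [
    "2024-01-10T09:00:03 10.0.0.50 10.0.0.5 445",
    "2024-01-10T09:00:30 10.0.0.50 10.0.0.5 445",
    "2024-01-10T09:00:31 10.0.0.50 10.0.0.7 443",
]
SAMPLE_TEXT = "\n".join(SAMPLE_FLOWS)


def parse_flows(text):
    """Parse 'timestamp src dst dport' lines into (datetime, src, dst, int) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return flows


def find_scanners(flows, min_targets=8, window=timedelta(seconds=60)):
    """Return {(src, dport): peak distinct destinations} for sources that reach
    at least min_targets distinct destinations on one port inside `window`."""
    by_key = defaultdict(list)
    for ts, src, dst, dport in flows:
        by_key[(src, dport)].append((ts, dst))
    alerts = {}
    for key, events in by_key.items():
        events.sort()
        active = deque()       # events still inside the sliding window
        seen = Counter()       # distinct destinations currently in the window
        for ts, dst in events:
            active.append((ts, dst))
            seen[dst] += 1
            while active and ts - active[0][0] > window:   # expire old events
                _, old_dst = active.popleft()
                seen[old_dst] -= 1
                if seen[old_dst] == 0:
                    del seen[old_dst]
            if len(seen) >= min_targets:
                alerts[key] = max(alerts.get(key, 0), len(seen))
    return alerts


if __name__ == "__main__":
    print(find_scanners(parse_flows(SAMPLE_TEXT)))  # {('10.0.0.23', 445): 10}
```

The normal host repeats the same destination, so its distinct-destination count never grows; only the sweeping host crosses the threshold.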