A botnet is a group of computers or servers that an attacker controls remotely. The word combines the terms “robot” and “network” and refers to the use of bots to take control of computers infected with malware (malicious software).
Botnets are used to send spam or viruses and to steal information by taking advantage of security breaches. Their most common use is DDoS attacks (generally to collapse a website). The determining factor in these cases is the control the attacker gains by capturing and commanding numerous computers, which can be hundreds or thousands of infected machines.
How can you get infected?
If you are affected by a botnet, it is because some type of malware on your computer is communicating with a remote server or network. This is how the cybercriminal begins to gain control; the infection itself is no different from any other malware infection.
Once the cybercriminal has taken control, he can sell or rent it to other cybercriminals; some spam senders run their campaigns with it. As mentioned by Fisher (2013), hackers use two methods of botnet attacks, which are drive-by downloads and email.
Drive-by download attacks
The cybercriminal finds a vulnerability in a web page and uploads malicious code that redirects the user to a site he controls, which triggers the download of bot code that is installed on the computer. This method can be delivered through an email message, apparently harmless advertising, or a pop-up message: any mechanism that can display information that appears harmless.
In short, it is an involuntary download of software from the Internet.
In the email method, spam is sent in bulk with an attachment or a link that carries the malicious code; the same download process follows, and once the code is installed on the computer it allows the cybercriminal to take control.
How to identify a botnet attack?
If your computer is acting strangely, not responding to your control, running slowly, or showing various error messages, you may be infected either by a botnet or by another type of malware. There is no sign particular to a botnet, since the indications are the same as those of other malware.
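Because the symptoms on the machine itself are not distinctive, the communication with a remote server described earlier is often easier to spot from the network side. The following is an added example, not part of the original article: it flags internal hosts that contact the same remote address at near-constant intervals. The log format, the sample addresses, the thresholds and the premise that a bot checks in on a timer are all assumptions made for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample log: (unix_time_seconds, internal_host, remote_address).
# The remote addresses come from ranges reserved for documentation.
SAMPLE_LOG = (
    # One host calling out roughly every 5 minutes, with a little jitter.
    [(1000 + 300 * i + j, "10.0.0.5", "203.0.113.10")
     for i, j in enumerate([0, 2, -1, 1, 0, -2, 1, 0])]
    # The same host browsing in irregular bursts.
    + [(t, "10.0.0.5", "198.51.100.7")
       for t in (1010, 1025, 1900, 1912, 2950, 4400, 4410, 4421)]
    # Another host with too few connections to judge.
    + [(t, "10.0.0.8", "203.0.113.10") for t in (1500, 2600)]
)


def find_beacons(log, min_events=6, max_jitter=0.1):
    """Return (host, remote, mean_interval) for timer-like connection pairs.

    Jitter is the standard deviation of the gaps between connections
    divided by their mean. Human-driven traffic is bursty and scores high;
    software checking in on a schedule scores close to zero.
    """
    times = defaultdict(list)
    for ts, host, remote in log:
        times[(host, remote)].append(ts)

    hits = []
    for (host, remote), stamps in sorted(times.items()):
        if len(stamps) < min_events:
            continue  # not enough data to call it regular
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((host, remote, round(avg)))
    return hits


if __name__ == "__main__":
    for host, remote, interval in find_beacons(SAMPLE_LOG):
        print(f"{host} contacts {remote} about every {interval}s")
```

A hit is only a lead: legitimate software such as update checkers also polls on a timer, so flagged pairs still need to be checked against known-good destinations.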
Common uses of Botnets
The most frequent uses of botnets are aimed at generating money. These include:
- Theft of bitcoins. Because the cybercriminal is inside the computer, he can steal information; in this particular case, bitcoins.
- Distributed denial of service (DDoS) attacks. An attack on a computer or network system in which it is almost impossible to find a pattern among the machines.
- Bitcoin mining. The cybercriminal takes advantage of the computers' processing power and uses it to generate cryptocurrencies.
Some examples of recent botnet attacks are Conficker, Zeus, Waledac, Mariposa, and Kelihos.
- A computer worm that exploits vulnerabilities in Windows Server services, infecting computers either to collect information or to generate malware.
- A trojan that affects Windows servers, in order to steal confidential information and commit criminal actions.
- It is a variant of the Zeus Trojan; its method of dissemination is generally social engineering through P2P communications. These carry out the same actions of information theft, identity, and phishing.
- It is one of the best-known botnets. This is a trick of trust and deception to promote voluntary exchanges that benefit the scammer.
- It uses P2P communications; its function is to generate money either through the theft of bitcoins, spam shipments, distributed denial of service attacks (DDoS), or mining of bitcoins.
How you can defend against botnet attacks
Be aware of the actions you take on your computer: do not follow strange links, avoid opening emails from unknown sources, update your software periodically, and protect your computer with a powerful antivirus.