what is a botnet - A person typing on a computer, with different dots connected to it representing a botnet. The Your Password Sucks logo for the web_crawlr newsletter is in the upper right corner.

TippaPatt/Shutterstock (Licensed)

Y0ur P@ssw0rd S*cks: What is a botnet?

Should you be worried about botnets and how can you protect against them?


Mikael Thalen


Y0ur P@ssw0rd S*cks is a bi-weekly column that answers the most pressing internet security questions web_crawlr readers have to make sure they can navigate the ‘net safely. If you want to get this column a day before we publish it, subscribe to web_crawlr, where you’ll get the daily scoop of internet culture delivered straight to your inbox.

Today, web_crawlr reader Randy E. asks: “What is a botnet in layman’s terms?” 

There’s a good chance you’ve heard the term “botnet” at some point. But what exactly is a botnet? And should you be concerned about them?

In the simplest terms, a botnet is a network of compromised computers that can be controlled as a group without the knowledge of their owners.

The first recognized botnet came in 2001. Countless computers had been infected with malicious software and used to push out spam on a massive scale.

In today’s world, botnets are often associated with Distributed Denial-of-Service (DDoS) attacks, which use infected computers to bring down websites by flooding them with traffic.

But it’s not just desktop computers that can be compromised and forced to join a botnet. Cell phones and other internet-connected devices such a WiFi router, CCTV cameras, and even modern baby monitors can be used.

So should you be worried about botnets and how can you protect against them?

For starters, most people who have a device that’s been compromised and joined into a botnet will not know. But the absolute best step you can take is to keep all your internet-connected devices fully updated.

Another important step is to set up a new password on devices when you get them. Many internet-connected devices such as surveillance cameras come with a default username and password that users are often unaware of.

Hackers can scan the internet for specific devices and test whether a new password has been set or whether the default credentials are still being used. If the password hasn’t been changed, the hackers will be able to gain access to the device and use it in their botnet. Although many manufacturers are now requiring users to set new passwords, many less prominent devices still fail to do so. And remember, if 2FA is offered, definitely use it.

In many cases, the cybercriminals operating a botnet won’t spend their time digging around in individual devices and instead are more interested in using the collective power of them. That being said, an infected device could still be potentially accessed by a malicious actor.

Overall though, botnets aren’t a huge concern for the average internet user. Just keep all your devices updates, set unique passwords, and enable 2FA. Also don’t forget that antivirus software can often detect the malware used to add your device to a botnet.

Your Password Sucks is now a YouTube series! Watch this column as a video below, and subscribe to our channel for new videos every week:

Share this article

*First Published:

The Daily Dot