What Is a Botnet?

Photo by Brian Klug/Flickr (CC-BY)

Untangling the scary truth about botnets

Botnets are one of the most powerful cyberweapons on the internet. Here's what you need to know.


Ben Dickson

Layer 8

Posted on Aug 23, 2017   Updated on May 22, 2021, 7:41 pm CDT

Your smart TV, fridge, digital video recorder, computer or printer might be a member of a secretive cybercriminal army, carrying out the commands of an evil cyber-warlord wreaking havoc across the internet. And those armies, called botnets, have enough firepower to shut down a considerable portion of internet services at the same time.

Here’s a quick rundown of what botnets are, why they’re so dangerous—and what you can do to protect yourself.

What is a botnet?

A botnet is a network of devices compromised by malware that enables cybercriminals (called bot herders) to remotely command them without their real owners’ knowledge or consent. Bot herders control their botnets through command-and-control servers and employ them for various kinds of attacks.

The most common use for botnets is distributed denial-of-service (DDoS) attacks, in which the bots are commanded to flood a website or server with a very large number of simultaneous requests in order to overload and shut it down. Other uses for botnets include stealing financial information, or conducting massive click-fraud campaigns.

Botnets have been around for decades, as far back as 1988, when the Morris worm was unleashed. However, in recent years, they’ve turned into a major threat that accounts for billions of dollars in losses to their victims. Some of the most damaging cyberattacks of the past year were conducted by botnets, including the internet blackout of Oct. 21, 2016, which was caused by the Mirai botnet. An estimated 500 million devices become infected with botnet malware every year, amounting to 18 victims per second.


Why are botnets such a problem now?

One of the major reasons that have contributed to the rise of botnets is the growth of the so-called internet of things (IoT). There are now billions of IoT devices connected to the internet, and they are generally more vulnerable to attacks than general computing devices such as desktop and laptop computers. Bot herders often find vulnerable devices by running a simple query in Shodan, the search engine for internet-connected devices, which has also become one of the favorite tools of cybercriminals.

Botnet owners not only use their zombie army for their own evil deeds, but also rent them out to other attackers to conduct DDoS or information theft. In 2009, the developer of the Bredolab botnet earned an average $125,000 per month by renting access to his network of compromised computers to other attackers. More recently, the creators of Mirai offered their botnet for $7,500 per hour, which could be used to launch 1 terabit/second DDoS attacks.

Sandia Labs computer scientists study the behavior of botnets by running millions of virtual machines.

How can I protect myself from botnets?

What makes botnets especially dangerous is that in most cases, devices become infected with the malware without their owners ever taking note. Your computer might be instrumental in a cybercrime without you ever taking note, aside from slightly slower performance or an unusual increase in internet traffic, symptoms that most average users will not investigate. This is even more accentuated in the case of IoT devices, which are often installed and forgotten.

However, here are some things you can do to prevent your devices from becoming secretly involved in cyberattacks.

  • Keep all your software, hardware and firmware up to date with the latest patches. That includes your connected appliances. Most botnet masters find their targets by searching for devices with unpatched vulnerabilities and infecting them with malware.
  • Change factory settings, especially on smart devices, which usually have default passwords and device names. Botnets often scan the internet for devices with unchanged factory settings to compromise them. While you’re at it, avoid weak passwords as well, because they can easily be cracked by brute force and dictionary attacks.
  • Don’t leave unnecessary features and network ports open on your software and devices. Reducing your attack surface will make you stronger against attackers.
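As an added example (not part of the original article), the last tip can be checked on a Linux machine you own by listing listening TCP sockets and flagging any that are reachable from the network but not on a list of services you expect. It assumes the `ss` tool from iproute2; the allowlist and the sample output are constructed for illustration.

```python
import ipaddress
import shutil
import subprocess

# Constructed sample of `ss -tln` output (not captured from a real host).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
LISTEN 0      4096   127.0.0.53%lo:53        0.0.0.0:*
LISTEN 0      5                  *:8080            *:*
LISTEN 0      128             [::]:9000         [::]:*
LISTEN 0      128            [::1]:631          [::]:*
"""

WILDCARDS = {"*", "0.0.0.0", "::"}  # bound to every interface


def parse_listeners(ss_output):
    """Yield (address, port) for every LISTEN row of `ss -tln` output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or unrelated row
        addr, _, port = fields[3].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        yield addr, int(port)


def is_reachable_from_network(addr):
    """True unless the socket is bound to a loopback address only."""
    if addr in WILDCARDS:
        return True
    return not ipaddress.ip_address(addr).is_loopback


def unexpected_listeners(ss_output, allowed_ports):
    """Network-reachable listening ports that are not on the allowlist."""
    return sorted({(addr, port) for addr, port in parse_listeners(ss_output)
                   if is_reachable_from_network(addr) and port not in allowed_ports})


if __name__ == "__main__":
    allowed = {22}  # assumption: only SSH is meant to be reachable
    have_ss = shutil.which("ss") is not None
    output = (subprocess.run(["ss", "-tln"], capture_output=True, text=True,
                             check=True).stdout if have_ss else SAMPLE_SS_OUTPUT)
    for addr, port in unexpected_listeners(output, allowed):
        print(f"review: {addr}:{port} is listening and not on the allowlist")
```

Sockets bound only to loopback (127.0.0.0/8 or ::1) are skipped because other hosts cannot connect to them; anything the script reports is a service to either disable or deliberately add to the allowlist.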

Ben Dickson is a software engineer and the founder of TechTalks. Follow his tweets at @bendee983 and his updates on Facebook.

*First Published: Aug 23, 2017, 7:00 am CDT