Networking devices together allows for greater processing power, which means you can carry out complex tasks more efficiently and quickly. However, the same technology is being used for illegal purposes and botnets have come to be associated with cybercrime. But what exactly is a botnet? What should you do if you find out that you’re part of an illegal botnet, and how can you protect yourself in the future?

What is a botnet?

A botnet is a network of computers used to perform a number of routine tasks. Botnets can be good or bad. Good ones ensure that websites and Internet Relay Chats (IRC) work properly, for example. Botnets are also used as part of large research projects to carry out complex computational processes more rapidly. The best-known example is the SETI@home project run by the University of California, Berkeley that lets anyone share their PC’s computing power to help search for extra-terrestrial intelligence.

Definition
Botnet: A botnet is a network that draws computing power from networked machines in order to carry out routine tasks such as sending emails or calling up websites. Such networks can be used for legitimate purposes, but they are best-known for their use by cyber criminals.

Malicious botnets are primarily used to send spam or steal user data. Cyber criminals use programs known as web crawlers (which are also used by search engines) to quickly and silently infect other computers with malware. These web crawlers search the web and analyse websites. They identify potential security flaws, which are then analysed and exploited so that malware can be placed on a website or sent via email.

Botnets can spread in four different ways. The first involves distributing the malware by email. Here, the botnet is used directly to expand the network further – the installation program is sent by email and the recipient is asked to download the attachment. As soon as they open the file, the malware is installed in the background and the computer becomes part of the botnet.

Another way for botnets to spread is through “voluntary” downloads. Here, the user downloads and executes a piece of software which appears perfectly harmless, but actually contains a trojan horse. Legitimate programs are increasingly being hacked and turned into carriers for trojan horses.

Thirdly, so-called “exploits” are also used to expand botnets. This technique exploits security holes in operating systems or browsers in order to recruit computers to the network. Some exploits still require the user to actively click on a link, but “drive-by infections,” whereby malicious code is executed as soon as a site loads, are becoming increasingly common. In this way, popular websites that have no connection to the botnet can also be infected.

The last and least common means by which botnets spread is by manual installation. This usually involves servers, because they have a good network connection and more processing power.

How does a botnet work?

The construction of the network begins when a bot infiltrates an external computer. The bot acts in the background and, in most cases, the user does not even notice it. Via the bot, the botmaster can access the computer and force it to carry out simple tasks. Each individual computer being controlled in this way is called a zombie PC.

These zombie PCs communicate with one another via the internet and receive commands from the botmaster. Since they can only be controlled online, they are only active when they are switched on and connected to the internet.

The botmaster sends the same command to all of the zombie PCs. Commands include visiting a website, sending spam, or launching a DDoS attack.

What are botnets used for?

Botnets aim to harness the processing power of other computers in order to perform routine tasks. The majority of botnets are created for illegal purposes. For example, cyber criminals use them to obtain important information and data which they then either use for their own benefit or sell on the “darknet” – the black market of the internet.

Botnets are ideal for sending spam such as phishing emails, because they allow the spammer to remain anonymous (the illegal activities are carried out via the network of external computers).

Botnets therefore have the potential to cause significant damage. They are often used to carry out Denial of Service (DoS) attacks. Here, the networked computers are used to flood a website with traffic so that the servers are overloaded and the online service can no longer be provided. This kind of attack can cause huge financial losses to the site operator, particularly in the domain of e-commerce.

Once a bot has access to an external computer, it can also retrieve users’ personal data, including information about their interests. The botmaster can then analyse this data and use it to replace banner ads with adverts that are specifically targeted to the user.

How do you spot a botnet?

Because botnets act in the background, it’s very difficult for regular users to spot them. However, there are certain signs that may indicate that your computer has been infected.

For example, if you notice that your internet connection is much slower than usual or that the load has increased significantly even though you haven’t changed your data usage, you should investigate further. Virus scanning software can detect malware and thus expose botnets. Other warning signs include unknown processes in the task manager and suspicious auto-start entries.
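As an added illustration (not part of the original article), the traffic symptoms described above can be checked in outbound flow records on a home or office network: a PC that suddenly mails many strangers directly, or sends far more data than its own baseline. The records are constructed sample data, and the host addresses, the allowed mail server list and both thresholds are assumptions.

```python
from collections import defaultdict
from statistics import median

MAIL_SERVERS = {"10.0.0.5"}  # assumption: hosts allowed to send mail directly
SMTP_FANOUT_LIMIT = 5        # assumption: max distinct port-25 peers per day
VOLUME_FACTOR = 4            # assumption: multiple of the host's own median

def build_sample_flows():
    """Constructed records: (day, src, dst, dst_port, bytes_out)."""
    flows = []
    for day in range(1, 6):
        flows.append((day, "10.0.0.5", "198.51.100.25", 25, 40_000))   # mail server
        flows.append((day, "10.0.0.21", "203.0.113.10", 443, 50_000))  # normal PC
        flows.append((day, "10.0.0.37", "203.0.113.10", 443, 45_000))  # PC, infected later
    # Day 5: 10.0.0.37 starts delivering mail to many unrelated hosts.
    for i in range(1, 21):
        flows.append((5, "10.0.0.37", f"192.0.2.{i}", 25, 30_000))
    return flows

def find_suspects(flows):
    smtp_peers = defaultdict(set)                   # (day, src) -> port-25 peers
    volume = defaultdict(lambda: defaultdict(int))  # src -> day -> bytes sent
    for day, src, dst, port, nbytes in flows:
        volume[src][day] += nbytes
        if port == 25 and src not in MAIL_SERVERS:
            smtp_peers[(day, src)].add(dst)

    findings = []
    # Check 1: a non-mail-server talking SMTP to many distinct hosts (spam run).
    for day, src in sorted(smtp_peers):
        peers = smtp_peers[(day, src)]
        if len(peers) > SMTP_FANOUT_LIMIT:
            findings.append((src, day, "smtp-fanout", len(peers)))
    # Check 2: upload volume far above the host's own earlier days.
    for src in sorted(volume):
        days = sorted(volume[src])
        for i, day in enumerate(days):
            history = [volume[src][d] for d in days[:i]]
            if len(history) >= 3 and volume[src][day] > VOLUME_FACTOR * median(history):
                findings.append((src, day, "volume-spike", volume[src][day]))
    return findings

if __name__ == "__main__":
    for finding in find_suspects(build_sample_flows()):
        print(finding)
```

A flagged host is a reason to run a malware scan and review its processes and auto-start entries, not proof of infection on its own.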

How can you protect yourself from botnets?

Skilful cyber criminals manage to track down even small security flaws, but there are some things you can do to make access harder for them. Prevention is the name of the game! Here are a few tips for making sure your computer has the best possible protection against illegal attacks.

Firstly, it is highly recommended to install anti-virus software. Another important form of protection is the firewall. Check that yours is configured to offer the highest possible level of protection. You should also install updates for your operating system and software as soon as they become available so that you don’t expose yourself to risks due to security flaws in outdated versions. It is also advisable to install browser protection to warn you about phishing sites and malware.

Because many computers are infected via email, you should be aware of how to protect yourself from such attacks. For example, you should never open email attachments that seem suspicious or that you did not expect. Ignore emails that claim to come from financial institutions but that contain suspicious links or multiple spelling mistakes.

Finally, it’s generally safer to use a non-administrator account for everyday use of your computer and only use an administrator account when you really need to. This reduces the risk of malware penetrating deeper into your system, because extensive privileges are usually required to change system settings.
