What Are Botnets and How Do They Work?

Botnets consist of a group of computers known as "zombie" computers that have been compromised by drive-by-downloads of software that can be controlled by hackers with malicious intent. The drive-by-downloads can occur through clicking on a website, browser vulnerability, ActiveX control, plug-ins, or any other applications that your computer uses to browse the Internet.

The software which is installed on your computer without your knowledge or consent is used to breach network security and stage denial of service attacks on network systems or to perform criminal acts through spamming. The problem with a botnet is the illegal act looks like it was committed by the computers that were compromised without the user's knowledge.

How Botnets Work

Botnets get their origin from criminals who are very tech-savvy and well-versed in computer programming and software creation. The criminals that perpetrate botnets are known as "bot herders" because they control the computers that have been compromised from a remote location. Once the computers are compromised they can communicate over the Internet, which means a botnet can be a group of "zombie" computers that is formed anywhere in the world.

Botnets essentially hold a computer captive for the purpose of criminal activity and there are literally millions of botnets formed on the Internet on a regular basis. What's worse is that the bots and the codes that make up a botnet are made available online where the bot herders can combine codes to create a major denial of service attack to bring down networks and websites.

Botnet Protection

Most networks use multiple firewalls and a layered security approach for protection against botnets. Other steps that can be taken to prevent botnet attacks are:

  • Full-Fledged Security Systems: A lot of companies and organizations deploy full-fledged network security systems that cover all levels of the network from individual computers to the servers, local area networks, and external connectivity to the Web. They also install intrusion detection systems and protection at the gateway to email servers.

  • Disabling Unused Ports: Another protection measure is shutting down unused ports that are not required for specific applications on the network. These are ports that are used for ftp applications and Internet Relay Chats which are the prime applications hackers use to get the bot computers to communicate with the bot herder.

  • Isolation: Isolation involves putting a plan in place in the event of a botnet attack which isolates the infected computer from the network immediately after the attack is detected by the security system. The infected computer is used to educate the organization on the security breach so a patch can be developed to repair the vulnerability.

  • Educating Users: Companies and organizations provide education for users on how to browse with care and be wary of opening email attachments that can contain botnet software.

Log in or sign up to comment.

Post a comment

Log in or sign up to comment.
Identity theft comes in many forms.

A person\92s identity can be 'borrowed' for the purpose of creating fictional credit cards or a person\92s entire identity can be usurped to the point where they can have difficulty proving that they really are who they claim to be.

Up to 18% of identity theft victims take as long as four years to realize that their identity has been stolen.

There are many ways to protect your personal identity and many steps you can take to prevent your identity from being stolen:

*Never give out unnecessary personal information
*Never provide bank details or social security numbers over the Internet
*Always remain aware of who is standing behind you when you type in your personal credit codes at ATM machines and at supermarket checkout swipe machines.