What Are Botnets and How Do They Work?

A botnet is a group of compromised computers, known as "zombie" computers, that have been infected through drive-by downloads of software that hackers with malicious intent can control. Drive-by downloads can occur through clicking on a website, a browser vulnerability, an ActiveX control, plug-ins, or any other application that your computer uses to browse the Internet.

The software, which is installed on your computer without your knowledge or consent, is used to breach network security, to stage denial-of-service attacks on network systems, or to perform criminal acts through spamming. The problem with a botnet is that the illegal act looks like it was committed by the computers that were compromised without the user's knowledge.

How Botnets Work

Botnets originate with criminals who are very tech-savvy and well-versed in computer programming and software creation. The criminals who run botnets are known as "bot herders" because they control the compromised computers from a remote location. Once the computers are compromised, they can communicate over the Internet, which means a botnet can be a group of "zombie" computers formed anywhere in the world.

Botnets essentially hold a computer captive for the purpose of criminal activity, and there are literally millions of botnets formed on the Internet on a regular basis. What's worse, the bots and the code that make up a botnet are made available online, where bot herders can combine code to create a major denial-of-service attack to bring down networks and websites.

Botnet Protection

Most networks use multiple firewalls and a layered security approach for protection against botnets. Other steps that can be taken to prevent botnet attacks are:

  • Full-Fledged Security Systems: A lot of companies and organizations deploy full-fledged network security systems that cover all levels of the network from individual computers to the servers, local area networks, and external connectivity to the Web. They also install intrusion detection systems and protection at the gateway to email servers.

  • Disabling Unused Ports: Another protection measure is shutting down unused ports that are not required for specific applications on the network. These include the ports used for FTP applications and Internet Relay Chat (IRC), which are the prime applications hackers use to get the bot computers to communicate with the bot herder.

  • Isolation: Isolation means having a plan in place that, in the event of a botnet attack, isolates the infected computer from the network immediately after the security system detects the attack. The infected computer is then used to educate the organization on the security breach so a patch can be developed to repair the vulnerability.

  • Educating Users: Companies and organizations provide education for users on how to browse with care and be wary of opening email attachments that can contain botnet software.
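
One way to check the "Disabling Unused Ports" measure on a host is to compare its listening sockets against an allowlist and call out the FTP and IRC ports by name. This is an added example, not part of the original article; the allowlist, the port table and the sample `ss -H -tuln` output are assumptions constructed for illustration.

```python
# Added example: audit listening sockets against an allowlist.
WATCHED = {20: "ftp-data", 21: "ftp", 6697: "irc-tls"}   # standard FTP / IRC-over-TLS ports
WATCHED.update({p: "irc" for p in range(6660, 6670)})     # conventional IRC range

# Assumption: the only services this host is meant to expose.
ALLOWED = {("tcp", 22), ("tcp", 443)}

# Constructed sample in the column layout printed by `ss -H -tuln`.
SAMPLE = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      32                 *:21              *:*
tcp   LISTEN 0      128        127.0.0.1:6667      0.0.0.0:*
tcp   LISTEN 0      511             [::]:443          [::]:*
udp   UNCONN 0      0            0.0.0.0:68        0.0.0.0:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        addr, _, port = fields[4].rpartition(":")  # rpartition keeps IPv6 "[::]" intact
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(text, allowed=ALLOWED):
    """Return listeners that are not allowlisted, watched ports labelled."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        if (proto, port) in allowed:
            continue
        if proto == "tcp" and port in WATCHED:
            reason = f"{WATCHED[port]} port open: disable unless an application needs it"
        else:
            reason = "listener not in allowlist: confirm owner or disable"
        findings.append({"proto": proto, "addr": addr, "port": port,
                         "loopback_only": addr in ("127.0.0.1", "[::1]"),
                         "reason": reason})
    return sorted(findings, key=lambda f: f["port"])

if __name__ == "__main__":
    for f in audit(SAMPLE):
        scope = "loopback" if f["loopback_only"] else "network"
        print(f'{f["proto"]}/{f["port"]} on {f["addr"]} ({scope}): {f["reason"]}')
```

A listener audit covers services the host itself exposes; outbound connections to the same FTP and IRC ports are controlled by egress rules on the firewall.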


With the advent of wireless Internet, more and more computer users are entering the world of cyberspace.

Yet, while these users are well aware of the importance of protecting their computers when hooked up to regular Internet providers, they are often oblivious to the fact that the same cyber dangers, and in fact even more, exist in the world of WiFi.

What you may not know is that the same Internet connection that makes it possible to check your email from the comfort of your bed also makes it easier for hackers to access your personal information.

It is for this reason, the sharing of the wireless Internet connection, that protecting your computer on a wireless connection is more important than ever before.