
An Introduction to Botnets


Some cyber attackers can remotely control armies of millions of Internet-connected devices, and they often use that power to launch devastating DDoS attacks or to push malware onto the targeted computers. Here's what you need to know about botnets.

First of all, botnets are created using infected Internet-connected computers. I am talking about regular PCs, but also about those tiny computers which can be found in Internet of Things (IoT) devices, security cameras, smart home gadgets, and so on. Since these infected devices are distributed across the entire planet, tracking the attacker is almost impossible.

Some hackers use their botnets to send huge amounts of email spam, and are paid handsomely for the job. Just think of all the opportunities that arise from getting free promo credits and other goodies for millions of different account signups, for example. Others use their remote-controlled cyber armies to spy on people, companies and sometimes even governments.

Account takeovers are also possible; millions of gadgets will try different username/password combinations until a match is found. The implications are very serious, ranging from online reputation management failures to financial fraud.
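As an added illustration (not part of the original article), the Python script below shows what the pattern described above looks like in authentication logs and how a defender can tell it apart from a single-machine brute-force attempt: a botnet spreads its guesses over many source addresses, each trying the account only once or twice. The log format and the sample lines are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): timestamp, outcome, user, source IP.
SAMPLE_LOG = """\
2024-05-01T10:00:01 FAIL user=alice ip=198.51.100.7
2024-05-01T10:00:03 FAIL user=alice ip=203.0.113.44
2024-05-01T10:00:04 FAIL user=alice ip=192.0.2.91
2024-05-01T10:00:06 FAIL user=alice ip=198.51.100.120
2024-05-01T10:00:09 FAIL user=alice ip=203.0.113.9
2024-05-01T10:00:11 OK   user=alice ip=192.0.2.200
2024-05-01T10:00:02 FAIL user=bob ip=192.0.2.10
2024-05-01T10:00:05 FAIL user=bob ip=192.0.2.10
2024-05-01T10:00:08 FAIL user=bob ip=192.0.2.10
2024-05-01T10:00:12 FAIL user=bob ip=192.0.2.10
2024-05-01T10:00:15 FAIL user=bob ip=192.0.2.10
2024-05-01T10:30:00 FAIL user=carol ip=198.51.100.3
"""

LINE_RE = re.compile(r"^(\S+) (FAIL|OK)\s+user=(\S+) ip=(\S+)$")


def parse(log_text):
    """Yield (timestamp, outcome, user, ip) tuples; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3), m.group(4)


def classify(log_text, window=timedelta(minutes=5), min_fail=5, min_ips=4):
    """Return {user: 'distributed' | 'single-source'} for every account that
    collected at least min_fail failed logins inside one time window.
    'distributed' means those failures came from at least min_ips distinct
    source IPs, which is the botnet signature; 'single-source' is the
    classic one-host brute force that per-IP rate limiting already catches.
    """
    fails = defaultdict(list)
    for ts, outcome, user, ip in parse(log_text):
        if outcome == "FAIL":
            fails[user].append((ts, ip))
    verdicts = {}
    for user, events in fails.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # slide the window over each start
            in_win = [ip for ts, ip in events[i:] if ts - start <= window]
            if len(in_win) >= min_fail:
                verdicts[user] = "distributed" if len(set(in_win)) >= min_ips else "single-source"
                break
    return verdicts
```

Note that alice's burst of failures is followed by a successful login from yet another address; that sequence (distributed failures, then success) is the one worth alerting on and forcing a credential reset for, since per-IP blocking never fires.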

Everything starts with a piece of malware that infects a vulnerable device. Since many IoT gadgets weren't built with security in mind, their users' account information is often uploaded to servers in plain text. This means that any hacker who gets access to one of those servers can log into any device, and then tell it to download a software "update" which will transform it into a remote-controlled tool.

These vulnerable gadgets are often connected to a computer network; once a poorly secured IoT gadget is infected, clever cyber criminals may be able to install malware on all the devices that belong to that network, and then direct them through a command and control server.

DoS (Denial of Service) attacks slow down servers, costing companies revenue and tarnishing their reputation. Sometimes the problem is only noticed because of an increased number of customer complaints.

Famous botnets include Mirai, which turned Linux-based devices (mostly routers and IP-based cameras) into bots back in 2016. These bots were then used to attack the dynamic DNS servers which route Internet traffic. Unfortunately, Mirai's source code has been published online, so several hackers have used parts of it to create new malware strains. A few Mirai variants are now able to use the infected devices for cryptomining, earning their makers a lot of money.

The list of other notable botnets includes Emotet, which sends emails containing infected attachments and links to malware-loaded websites. People who click one of those links or download and run the attachments get their computers infected. Once the malware has found its way in, it starts downloading other pieces of malicious software. Researchers state that Emotet can extract passwords from locally installed applications, infect other computers on the same network, and so on.

3ve (pronounced "Eve") spread using a similar mechanism, but it was used for click fraud, making advertisers pay a lot of money for useless ad clicks. At its peak, 3ve had infected 1,000,000+ computers and earned its makers over 30 million dollars.

Taking down botnets is virtually impossible. It's true that command and control servers can be discovered, and then shut down, but the infected devices continue to be vulnerable. Most people don't keep their PCs and gadgets updated, and to make matters even worse, many device manufacturers and application developers don't update their software.

There is a simple explanation for this: lots of IoT devices have a very low profit margin, so device security isn't of the utmost importance to their makers. Therefore, as people purchase inexpensive IoT gadgets in larger and larger numbers, they are only increasing the number of potential botnet targets.

To keep your computer network safe, get rid of the unsafe devices which no longer receive updates, and keep all the other ones up to date. Then, lock down access to these devices by implementing multi-factor authentication (there's an article about this on the blog) and tight access control policies. Also, don't forget to ask for qualified help if things don't work out as expected, or if you don't have a security consultant on your team.