A botnet (short for “robot network”) is a network of computers infected by malware that are under the control of a single attacking party, known as the “bot-herder.” Each individual machine under the control of the bot-herder is known as a bot. From one central point, the attacking party can command every computer on its botnet to simultaneously carry out a coordinated criminal action. The scale of a botnet (many comprise millions of bots) enables the attacker to perform large-scale actions that were previously impossible with malware. Since botnets remain under the control of a remote attacker, infected machines can receive updates and change their behavior on the fly. As a result, bot-herders are often able to rent access to segments of their botnet on the black market for significant financial gain.
Botnets are created when the bot-herder sends the bot from his command and control servers to an unknowing recipient using file-sharing, email, or social-media application protocols, or using other bots as an intermediary. Once the recipient opens the malicious file on his computer, the bot reports back to command and control, from where the bot-herder can dictate commands to infected computers. Below is a diagram illustrating these relationships:
A number of unique functional traits of bots and botnets make them well suited for long-term intrusions. Bots can be updated by the bot-herder to change their entire functionality based on what he/she would like them to do, and to adapt to changes and countermeasures on the target system. Bots can also use other infected computers on the botnet as communication channels, giving the bot-herder a near-infinite number of communication paths with which to adapt to changing circumstances and deliver updates. This highlights that infection is the most important step, because functionality and communication methods can always be changed later as needed.
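The check-in relationship described in the two paragraphs above (bots reporting back to command and control on a schedule) is what defenders most often hunt for. The following is an added example, not part of the original article: a small beacon detector that groups outbound connections by (source, destination) pair and flags pairs whose inter-connection intervals are too regular for human-driven traffic. The connection records are constructed sample data; the addresses, thresholds and function name are assumptions for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of outbound connection records: (epoch seconds, src, dst).
# 10.0.0.5 contacts 203.0.113.10 every ~300 s with little jitter (a check-in
# schedule); 10.0.0.7 reaches 198.51.100.20 at irregular, human-paced times.
SAMPLE_CONNS = [
    (0, "10.0.0.5", "203.0.113.10"), (301, "10.0.0.5", "203.0.113.10"),
    (598, "10.0.0.5", "203.0.113.10"), (902, "10.0.0.5", "203.0.113.10"),
    (1199, "10.0.0.5", "203.0.113.10"), (1503, "10.0.0.5", "203.0.113.10"),
    (5, "10.0.0.7", "198.51.100.20"), (40, "10.0.0.7", "198.51.100.20"),
    (410, "10.0.0.7", "198.51.100.20"), (430, "10.0.0.7", "198.51.100.20"),
    (1300, "10.0.0.7", "198.51.100.20"), (1320, "10.0.0.7", "198.51.100.20"),
]


def find_beacons(conns, min_conns=5, max_cv=0.1):
    """Return {(src, dst): (mean_interval_s, cv)} for pairs whose connection
    timing looks like a periodic check-in. cv is stdev/mean of the intervals
    between consecutive connections; a low cv means a very regular schedule."""
    by_pair = defaultdict(list)
    for ts, src, dst in conns:
        by_pair[(src, dst)].append(ts)

    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_conns:
            continue  # too few observations to judge periodicity
        times.sort()
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # duplicate timestamps; nothing to measure
        cv = pstdev(intervals) / avg
        if cv <= max_cv:
            beacons[pair] = (round(avg, 1), round(cv, 3))
    return beacons


if __name__ == "__main__":
    for (src, dst), (period, cv) in find_beacons(SAMPLE_CONNS).items():
        print(f"possible beacon: {src} -> {dst} every ~{period}s (cv={cv})")
```

Real bots add deliberate jitter or relay through peer bots, as the article notes, so in practice the cv threshold is loosened and the result is combined with destination reputation, byte-count regularity and process context rather than used alone.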
As one of the most sophisticated types of modern malware, botnets are an immense cybersecurity concern to governments, enterprises, and individuals. Whereas earlier malware was a swarm of independent agents that simply infected and replicated themselves, botnets are centrally coordinated, networked applications that leverage networks to gain power and resilience. Since infected computers are under the control of the remote bot-herder, a botnet is like having a malicious hacker inside your network, as opposed to just a malicious executable program.