A botnet is a set of computers that have been infected with malware and that a single individual can control remotely in order to carry out attacks, which can be cyber crimes.
Botnets are used extensively to perform Distributed Denial of Service (DDoS) attacks: all the computers belonging to the botnet send massive numbers of requests to a server in order to exhaust its resources, so that it is no longer able to offer the service to normal users. Most typically, the attack exceeds the traffic limit, producing an overflow of traffic.
Botnets arose along with the growth of intelligent systems. At first, bots were used in IRC chat systems, where some services were repetitive, such as content control and privilege management, among many other tasks that could be handed over to an intelligent program.
In 1993, the first intelligent bot tool, Eggdrop, was born. This tool was developed to provide users with different online chat services, but the idea spread, and many cyber criminals quickly began to develop bot tools with malicious intentions.
Attacks on these chat systems allowed the attackers to obtain control privileges on a chat channel, giving them the ability to expel other users, change the description of the chats, and so on.
Usual uses of botnets
Most commonly, a botnet is used to send spam to email addresses, to download files (normally illegal content) that take up a lot of space and consume a lot of bandwidth, and to perform DDoS attacks.
How to know if the computer is hijacked?
Detecting it is more complicated than locating other virus infections. The bot will try to work without the user noticing, and the computer will probably show no strange behavior, or only very slight signs of it. However, there are some symptoms:
- Internet connection is slower than normal.
- The hard drive works even if we do not request it.
- Malfunction of the keyboard or mouse.
- Reply to emails that the user has not sent.
To verify fraudulent use, we can check which ports are open and what they are being used for.
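One way to carry out this check on a Linux machine, as an added example that is not part of the original page: it parses the kernel's `/proc/net/tcp` table, lists the listening ports and flags established connections to conventional IRC ports, since IRC is one of the control channels mentioned on this page. The sample table is constructed, and the IRC port list and the function names `decode` and `review` are assumptions made for the example.

```python
import socket
import struct

# Constructed sample in the Linux /proc/net/tcp layout (not real data).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002
   2: 0A00000A:C350 076433C6:1A0B 01 00000000:00000000 00:00000000 00000000  1000        0 20003
   3: 0A00000A:C351 220200C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 20004
"""

# Assumption: conventional IRC ports, used here only as a review heuristic.
IRC_PORTS = set(range(6660, 6670)) | {6697}
STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}


def decode(addr):
    """Turn '0100007F:0277' into ('127.0.0.1', 631).

    Assumes a little-endian host (x86, most ARM), where the kernel prints
    the IPv4 address with its bytes reversed.
    """
    ip_hex, port_hex = addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def review(table):
    """Return (listening sockets, established connections to IRC ports)."""
    listening, flagged = [], []
    for line in table.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        state = STATES.get(fields[3])
        local, remote = decode(fields[1]), decode(fields[2])
        if state == "LISTEN":
            listening.append(local)
        elif state == "ESTABLISHED" and remote[1] in IRC_PORTS:
            flagged.append(remote)
    return listening, flagged


if __name__ == "__main__":
    # On a real Linux host, pass open("/proc/net/tcp").read() instead of SAMPLE.
    open_ports, suspicious = review(SAMPLE)
    print("listening:", open_ports)
    print("outbound to IRC ports:", suspicious)
```

A connection to an IRC port is only a reason to look at the owning process, not proof of infection, and control traffic carried over HTTP or P2P will not stand out in this check.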
What to do if you are under the attack of a botnet?
It is almost impossible to find a pattern among the machines that are attacking you, so packet filtering cannot be seen as a real solution that works. However, the attack can be minimized by passively scanning packets in order to reconfigure and adapt the firewall. Botnets typically use free DNS services for dynamic IPs to point a subdomain at a host to which the creator can connect in case the IRC server is shut down. Sometimes reporting it is enough to get the account cancelled. Luckily, the structure of botnet servers has weaknesses in its architecture, but there is a list of alternative servers in case a shutdown happens.
- Sending spam.
- DDoS attacks.
- Hosting files for websites.
- Distribution and installation of new malware.
- Abuse of online advertising.
These can be sent through different methods and protocols: IRC chat channels, HTTP communications, peer-to-peer (P2P) networks or commands on social networks, among others.
How to avoid the attack
You have to apply the same measures that are used against any type of virus. To avoid attacks and to free an infected computer, you must have a system installed that protects against viruses, spyware and similar threats. It is also necessary to have a firewall, which is responsible for monitoring the Internet connection, and to keep the operating system and the browser updated with the latest security patches. Do not download programs from just anywhere, and so on.
More about botnets
There are other associated terms, related to various features of bots:
- Knowbot (knowledge robot), an information retrieval tool for the network.
- Robot, a program that travels the network carrying out specific tasks, creating indexes of the contents of sites, feeding search engines, indexing pages and locating errors.
- Bot web, to control computers, launch attacks and endanger data.
- Shopbot, a tool that helps with the purchase of products and services on the network.
- Spybot Search and Destroy, an anti-spyware program that protects browsers from parasites that circulate in the network.