What Are Botnets and How Do They Work?
Botnets consist of a group of compromised computers known as "zombie" computers. They are typically infected through drive-by downloads of malware that an attacker can then control remotely. A drive-by download can be triggered by clicking on a website, by a browser vulnerability, by an ActiveX control or plug-in, or by any other application your computer uses to browse the Internet.
The software, installed on your computer without your knowledge or consent, is used to breach network security, stage denial of service attacks against network systems, or carry out criminal acts such as spamming. The problem with a botnet is that the illegal act appears to have been committed by the compromised computers, whose owners are unaware of it.
How Botnets Work
Botnets originate with criminals who are tech-savvy and well-versed in computer programming and software creation. The criminals who run botnets are known as "bot herders" because they control the compromised computers from a remote location. Once compromised, the computers can communicate with each other over the Internet, so a botnet can be a group of "zombie" computers spread anywhere in the world.
Botnets essentially hold a computer captive for the purpose of criminal activity, and there are literally millions of botnets formed on the Internet on a regular basis. What's worse is that the bots and the code that make up a botnet are made available online, where bot herders can combine that code to create a major denial of service attack capable of bringing down networks and websites.
Most networks use multiple firewalls and a layered security approach for protection against botnets. Other steps that can be taken to prevent botnet attacks include:
- Full-Fledged Security Systems: A lot of companies and organizations deploy full-fledged network security systems that cover all levels of the network from individual computers to the servers, local area networks, and external connectivity to the Web. They also install intrusion detection systems and protection at the gateway to email servers.
- Disabling Unused Ports: Another protection measure is shutting down ports that are not required by specific applications on the network. Among these are the ports used by FTP applications and Internet Relay Chat (IRC), which are the prime applications hackers use to let the bot computers communicate with the bot herder.
- Isolation: Isolation involves having a plan in place so that, in the event of a botnet attack, the infected computer is cut off from the network immediately after the security system detects the attack. The infected computer is then examined to educate the organization about the security breach so that a patch can be developed to repair the vulnerability.
- Educating Users: Companies and organizations provide education for users on how to browse with care and to be wary of opening email attachments that may contain botnet software.
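The "Disabling Unused Ports" and "Isolation" steps above can be tied together with a simple detection pass over connection logs: internal hosts that repeatedly reach the FTP and IRC ports the article names, and are not allowlisted for that service, become candidates for isolation. The following is an added example, not code from the original article; the log format, the `10.0.` internal range, the allowlist and the sample log lines are all constructed assumptions.

```python
import re
from collections import defaultdict

# Ports the article names as the prime bot-to-herder channels: FTP and IRC.
WATCHED_PORTS = {21: "ftp", 6667: "irc"}
# Hypothetical allowlist of internal hosts that legitimately use FTP (constructed).
FTP_ALLOWED = {"10.0.0.5"}
# Only hosts on the assumed internal range are candidates for isolation.
INTERNAL_PREFIX = "10.0."

# Assumed flow-log format: "<timestamp> src=<ip> dst=<ip> dport=<port> proto=tcp"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+) proto=tcp$"
)

def parse_line(line):
    """Return (src, dst, dport) for a well-formed line, or None if it is malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.group("src"), m.group("dst"), int(m.group("dport"))

def find_isolation_candidates(log_lines, min_connections=3):
    """Map each internal host to the set of watched services it reached at least
    min_connections times without being allowlisted for that service."""
    counts = defaultdict(int)
    for line in log_lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash the sweep
        src, _dst, dport = parsed
        if not src.startswith(INTERNAL_PREFIX) or dport not in WATCHED_PORTS:
            continue
        service = WATCHED_PORTS[dport]
        if service == "ftp" and src in FTP_ALLOWED:
            continue  # sanctioned FTP use is not a bot indicator
        counts[(src, service)] += 1
    candidates = defaultdict(set)
    for (src, service), n in counts.items():
        if n >= min_connections:
            candidates[src].add(service)
    return dict(candidates)

# Constructed sample log: one host beaconing to IRC, one allowlisted FTP user,
# one single FTP connection below threshold, ordinary HTTPS, and a malformed line.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z src=10.0.0.17 dst=203.0.113.9 dport=6667 proto=tcp",
    "2024-01-01T10:05:01Z src=10.0.0.17 dst=203.0.113.9 dport=6667 proto=tcp",
    "2024-01-01T10:10:01Z src=10.0.0.17 dst=203.0.113.9 dport=6667 proto=tcp",
    "2024-01-01T10:15:01Z src=10.0.0.17 dst=203.0.113.9 dport=6667 proto=tcp",
    "2024-01-01T10:01:00Z src=10.0.0.5 dst=198.51.100.4 dport=21 proto=tcp",
    "2024-01-01T10:02:00Z src=10.0.0.5 dst=198.51.100.4 dport=21 proto=tcp",
    "2024-01-01T10:03:00Z src=10.0.0.5 dst=198.51.100.4 dport=21 proto=tcp",
    "2024-01-01T10:04:00Z src=10.0.0.22 dst=198.51.100.4 dport=21 proto=tcp",
    "2024-01-01T10:04:30Z src=10.0.0.31 dst=93.184.216.34 dport=443 proto=tcp",
    "this line is not a flow record",
]
```

Running `find_isolation_candidates(SAMPLE_LOG)` reports only the IRC-beaconing host `10.0.0.17`; lowering `min_connections` to 1 also surfaces `10.0.0.22` for its single unsanctioned FTP connection.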