
What is a Botnet?

by Iwan Price-Evans on Security • April 20, 2022

A botnet is a collection of connected computing devices that are programmed to perform repetitive tasks. Botnets perform tasks that would otherwise take a human thousands of hours to complete. Collections of this kind are known as distributed computer systems: they spread computing power across multiple devices to accomplish a task quickly and at less cost.

What are botnets used for?

Botnets can be used for legitimate and illegitimate purposes. An example of a good botnet is the SETI@home distributed computing project, which ran for 20 years. The University of California, Berkeley, used volunteers' spare CPU cycles to analyze radio signals captured by the Arecibo radio telescope. Other uses for botnets are resource-intensive tasks such as data modeling, prediction, and mathematics.

However, in the majority of cases, botnets are used for malicious purposes. An attacker who controls a network of devices is called a 'bot herder'. The bot herder infects the network of devices with malicious software programs called 'bots'. Often the bot herder will control a 'spider' program that searches the internet for devices that have a vulnerability. The vulnerability allows the installation of malicious software, which adds the device to the botnet. Installation usually happens by automatically downloading a file from a website or by tricking a person into downloading the software.

Once installed, the botnet software contacts its controlling computer to notify it that the device is now part of the network. The infected device is now totally under the control of the bot herder.

Types of botnet attacks

Botnets can be used to: 

  • Send millions of spam emails
  • Steal data
  • Send huge volumes of traffic to a third-party website to fraudulently generate ad income
  • Deliver ransomware
  • Generate distributed denial of service (DDoS) attacks

Types of botnets

There are two approaches to creating a botnet: the client/server model, and the peer-to-peer model.

What is a client/server botnet?

Botnets can use a central command center resource to distribute instructions to the bot devices. Each bot performs the tasks delivered to it by the control center. This is a simple but effective method of controlling a botnet. However, this model is vulnerable to being shut down easily. By disabling the control center the whole botnet becomes unusable.
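A defender's view of the client/server model, as an added example that is not part of the original article: because every bot checks in with the same control center, connection logs tend to show several internal hosts contacting one destination at near-constant intervals. The flow records, addresses (documentation ranges), function names and thresholds below are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed sample records: (epoch_seconds, internal_source, destination)."""
    flows = []
    # Three hosts checking in with the same destination roughly every 300 s.
    for i, host in enumerate(["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        for n in range(6):
            flows.append((1000 + 7 * i + 300 * n + n % 2, host, "203.0.113.50"))
    # Ordinary browsing from one host: irregular gaps.
    for ts in (1000, 1040, 1900, 1915, 3200, 3210):
        flows.append((ts, "10.0.0.11", "198.51.100.7"))
    # A single host polling an update server on a fixed schedule.
    for n in range(6):
        flows.append((1000 + 600 * n, "10.0.0.14", "192.0.2.20"))
    return flows


def find_beacon_destinations(flows, min_hosts=3, min_contacts=4, max_jitter=0.1):
    """Map each destination that at least min_hosts sources contact at
    near-constant intervals to the sorted list of those sources."""
    stamps = defaultdict(list)
    for ts, src, dst in flows:
        stamps[(src, dst)].append(ts)

    periodic = defaultdict(set)
    for (src, dst), times in stamps.items():
        if len(times) < min_contacts:
            continue  # too few contacts to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means machine-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            periodic[dst].add(src)

    return {dst: sorted(srcs) for dst, srcs in periodic.items()
            if len(srcs) >= min_hosts}


if __name__ == "__main__":
    for dst, hosts in find_beacon_destinations(constructed_flows()).items():
        print(f"possible control center {dst}: contacted periodically by {hosts}")
```

The single-host update poller in the sample is just as periodic as the bots, so the fan-in threshold (`min_hosts`) is what separates it here; on real traffic, known schedulers need to be allow-listed before acting on a hit.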

What is a peer-to-peer botnet?

Attackers have moved to the peer-to-peer (P2P) model to make it harder to shut down the botnet. The attacker will embed the control center inside bot software so that many bots also function as control centers. The bot herder can then maintain a group of trusted computers that can become control centers if needed. If any of the botnet control centers are disabled by anti-malware software, control of the botnet is unaffected. 

How do you stop a botnet?

There are three primary ways to take down a botnet. 

  • Disabling its control centers
  • Running antivirus software
  • Replacing firmware on individual devices

How to protect against botnets?

Users can protect devices from becoming part of a botnet by:

  • Using a reputable security suite that detects malware
  • Maintaining up-to-date software and operating systems
  • Creating secure passwords
  • Avoiding downloading unknown file attachments or clicking on unknown links
  • Periodically wiping and restoring systems

Hosts can protect websites and applications from being affected by a botnet by: