What is a botnet and how to defend yourself from the malware-infected “zombie network”.

The English term “botnet” is formed from the words “robot” and “network” (in Italian, “rete”). A botnet, therefore, can literally be defined as a robot network, or a set of computers and devices which, following a malware infection, are controlled remotely by a third party (or by a group made up of several subjects). News arrived in recent days that «the 911 S5 botnet infected over 19 million IP addresses to enable billions of dollars in fraud related to the pandemic and unemployment and access to child exploitation material», as reported in an official note published by the US Department of Justice's Office of Public Affairs regarding 911 S5, defined by the FBI as the largest botnet in the world. But what exactly is a botnet and how does it work? Above all, is it possible to defend yourself? Let's clarify.

What is a botnet and how does it work

A botnet is a set of “zombie” computers controlled remotely by cybercriminals in order to carry out cyber attacks. To feed itself and expand, it distributes malware to infect other computer systems. The more computers and devices are “enlisted” by cybercriminals, the greater the number of resources they have available to launch coordinated attacks. This is why botnets sometimes have millions of bots!

Let's delve a little deeper into the technical functioning of the botnet by analyzing the main “actors” involved in this particular phenomenon. First of all we have the botmasters (also called bot herders), i.e. the hackers (it would be more correct to say crackers) who use remote commands to direct a collective of compromised computers. The latter are called bots or zombie computers and, as can easily be understood, are the individual devices infected by the botmaster via malware. Finally, we have the victims, that is, those who unknowingly download the malware that compromises their systems.

How do botmasters create a botnet? Usually the modus operandi involves three main phases.

  1. Preparation: in this phase the botmaster exploits technical vulnerabilities present in a site, an application, etc. to compromise the computing resource and use it as a vehicle for further infections. In other cases the botmaster could spread malware by sending malicious links via email, online messaging, etc.
  2. Infection: if the user falls into the “trap” prepared by the botmaster, they download the malware (usually completely unknowingly). This can happen in several ways, for example by downloading a seemingly harmless file hosted on a website compromised by the attacker, or by downloading it via a link received by email. In more “refined” attacks the botmaster could also use the so-called drive-by download (i.e. an involuntary download of software by the user, who ends up downloading the malware without having to perform any action on the site they naively visited).
  3. Activation and control: at this point the botmaster organizes all the devices they have managed to infect into a network of “bots” that can be managed remotely. Once infected, in fact, a bot behaves like a real zombie computer, allowing whoever controls it to hold administrator privileges to read and write system data, collect the victim's personal data and monitor their activities, send files and other data, and so on. After setting up the botnet, the botmaster exploits it according to the criminal objectives they intend to achieve: sending spam and viruses, launching DDoS (Distributed Denial of Service) attacks, stealing personal data to be resold on the Dark Web, using the hardware resources of the infected devices for cryptocurrency mining, and so on.

How to defend yourself from a botnet

Despite the cunning of cybercriminals, defending yourself from a botnet is possible. Of course, given that cyber dangers are always around the corner, to succeed you need to be a particularly careful user. A good starting point might be to follow some sort of “cybersecurity routine” which includes the following measures:

  • Use strong passwords and update them frequently: using long and complex passwords (for example passphrases, i.e. sequences of words that are meaningless as a whole yet easy to remember) and updating them periodically is one of the best ways to improve your IT security. Furthermore, where possible, it is advisable to activate two-factor authentication and passkeys (the latter use biometric systems to access various accounts and systems).
  • Do regular virus and malware scans: this is especially important if you are using a Windows PC or an Android device.
  • Do not download files and attachments from suspicious sources: it is important to pay attention to this aspect especially if they are hosted on websites without the HTTPS protocol and/or come from unknown email addresses.
  • Do not purchase devices with dubious security: botnets often aim to infect smart home devices as well. The cheapest ones are usually also the least secure from an IT point of view, so it is better to avoid them.