This is one of the 52 terms in The Language of Cybersecurity published by XML Press in 2018 and the contributor for this term is Tolu Onireti.

What is it?

A network of computers that have been infected by a malicious software program – a bot – which turns them into zombie machines that can be remotely controlled by an attacker without the zombie machine owner’s knowledge.

Why is it important?

Cybercriminals use botnets, which can contain from 100 to over 100,000 zombies, as free resources to execute attacks. A botnet can execute Distributed Denial of Service (DDoS) attacks, store illegal content, and send spam, viruses, phishing email, and spyware.

Why does a business professional need to know this?

Cyber attacks using botnets are on the rise. On October 21, 2016, top internet websites were not accessible for most of the day due to a Distributed Denial of Service (DDoS) attack caused by the Mirai botnet. The Mirai botnet attacked the managed domain name server (DNS) infrastructure of the internet infrastructure firm Dyn. The attack stopped after it was mitigated by Dyn’s engineering and operations team. Dyn estimated there were at least 100,000 Mirai zombies used in the attack.

A computer can be infected by a bot when an end user clicks on a link or opens an attachment that contains the bot. A bot can also infect a computer by exploiting a vulnerability in the computer's software.

Zombie machines are controlled by a cybercriminal called a botmaster or a bot herder. The botmaster sends instructions to the zombies through a command-and-control center.

A cybercriminal can use a botnet in many ways, including the following:

  • To launch large-scale DDoS attacks, rendering the target unavailable until the cybercriminal stops the attack or until traffic to the target is sanitized and normal operations are restored
  • To store illegal content on zombie computers
  • To steal data such as credit card numbers, bank credentials, and other sensitive information from zombie machines
  • To send spam, viruses, phishing email, and spyware
  • To execute click fraud, by repeatedly clicking on ads to generate fraudulent hits

Possible symptoms of a bot infection include a slow internet connection, low system performance, system crashes, or mysterious messages. Antivirus software can often detect the existence of a bot, remove it, and restore normal operations.

To prevent computers, tablets, smartphones, and other devices from being infected by a bot (or any malicious software), install an antivirus program, educate end users about the risk associated with clicking on URL links or opening attachments from untrusted sources, install patches as soon as they are released, and set up the system to automatically install updates.