What is a botnet?

Have you been a victim of a botnet attack?

Often, when people face attacks against their website infrastructure, they are simply told that their website was attacked by a botnet. To the non-technical this means absolutely nothing, and of course most people are left thinking: what is a botnet?

What is a botnet?

A botnet is a collection of compromised computers, which can vary in number depending on how widely the attacker’s virus/worm has spread. A botnet may range in size from 5 to 1 million computers, and may be comprised of Windows, Linux and Mac computers. All of the infected computers are controlled remotely by the hacker, who often coordinates attacks from a central ‘command and control’ server. A command and control server is a central platform that all of the compromised computers connect to once online to accept new commands from the hacker. From this command server the hacker may instruct all the bots to do various things, such as attack a website, scan for more computers to hack and infect, or update the bot code.

How does a botnet attack work?

DDoS attack simulation example

 

The above image shows how a botnet is coordinated by a criminal hacking group, aka ‘botnet masters’. They send signals to thousands of compromised PCs, which are controlled from Command & Control Servers that act as a central gathering place for all the zombie PCs to connect to when online. These servers are often compromised high-powered servers, or servers that have been purchased with hacked credit cards taken from the data harvested on the zombie PCs. Once the command is given, the zombie PCs can flood the victim’s server until it goes offline, putting an end to business operations, often until a ransom is paid.

What is DDoS?

DDoS stands for Distributed Denial of Service, and is the most common attack technique that botnets use. The idea behind it is to deny a service, i.e. to stop a website from working, by flooding the server with massive amounts of requests that prevent the web service from working correctly and eventually take the website offline (see above image).
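From the defender's side, the "distributed" part is what makes such a flood hard to spot: each bot may send only a few requests, so a per-address limit never trips. The following is an added example, not part of the original page, that flags flood windows in web server access logs and separates many-source floods from a single noisy client. The Common Log Format input, the thresholds and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed input: Common Log Format lines (client IP, then a [timestamp]).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')

def parse(line):
    """Return (client_ip, epoch_seconds), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return m.group(1), int(ts.timestamp())

def flood_windows(lines, window=10, max_requests=100, min_sources=20):
    """Flag fixed time windows whose total request count exceeds max_requests.
    Thresholds are illustrative assumptions; tune them to a site's baseline."""
    buckets = defaultdict(lambda: defaultdict(int))  # window start -> ip -> count
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue  # skip lines that are not valid log entries
        ip, ts = rec
        buckets[ts - ts % window][ip] += 1
    alerts = []
    for start in sorted(buckets):
        per_ip = buckets[start]
        total = sum(per_ip.values())
        if total > max_requests:
            kind = "distributed" if len(per_ip) >= min_sources else "single-source"
            alerts.append((start, total, len(per_ip), kind))
    return alerts

def sample_log():
    """Constructed sample data using documentation IP ranges, not real traffic."""
    fmt = '{ip} - - [10/Oct/2023:13:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"192.0.2.{i}", m=0, s=i) for i in range(1, 6)]  # normal visitors
    lines += [fmt.format(ip=f"198.51.100.{i}", m=1, s=r)  # 60 sources, 3 requests each
              for i in range(1, 61) for r in range(3)]
    lines += [fmt.format(ip="203.0.113.7", m=2, s=n % 10) for n in range(150)]  # one noisy client
    return lines + ["garbage line"]

if __name__ == "__main__":
    for start, total, sources, kind in flood_windows(sample_log()):
        print(start, total, sources, kind)
```

In the constructed sample, the distributed window contains 180 requests but no single address sends more than 3, which is why the check looks at total volume and source count together.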

How Security Audit Systems can help

Security Audit Systems offer a variety of solutions to counter botnets, whether your network has been infected with one, or you are the victim of an on-going DDoS attack. Please visit our DDoS Protection page to view all of our available services.