What’s A Botnet 🤖 ?

A botnet is a network of devices infected with malicious software, controlled remotely. These compromised devices, or "bots," connect to a central server operated by the attackers.

They receive commands to carry out various malicious activities such as sending spam emails, launching DDoS attacks, or stealing sensitive information. This enables Botnets to coordinate attacks and multiply their damage or processing to speed up tasks.

A popular method used by botnets is to follow three stages for their plan of attack. Their first move is to infect your machine, lay dormant and slowly expand by sending information to other machines to infect them. Once it’s reached critical mass, the botnet attacks altogether following orders from its command computer.

Well, what other things are these zombie machines capable of? They’re known to attack in various ways such as, read/writing your system data, collecting your personal data and spying on you, not to mention sending that data outbound. They can also forcibly install aps and infect other devices on your network continuing their expansion.

Due to this malware’s capability, it has become one of the bigger threats in the cybersecurity space. It’s also incredibly difficult to detect for most users as many never see their computers resources being used for nefarious means.

Now that we know the depth of a botnet, how it operates with a chain of command, and what their capabilities are. We’re now able to compare some real life examples to really nail home this threat.

What Are Some Real-Life Examples?

Earthlink Spammer

Botnet’s first attacked in 2000, now hailed as the EarthLink Spammer. A cybercriminal named Khan Smith had developed a botnet with the goal to mass spam phishing scams. Khan had utilized Earthlink’s company network to spam over 1.25 million emails masked as legitimate communications.

Thanks Khan, now I have to check my subject line every email. Due to the age of this event, there is not much available to have a full breakdown but we did find an article from 2003 about Earthlink winning its lawsuit against Khan.

Storm

Known as one of the first botnets that operated by peer-to-peer connections, it was controlled not by one main machine but by several servers. This botnet was innovative for 2007, it even survives today through some infected services. The size of it’s infected horde ranged from 250,000 to 1 million infected computers. The scary part? People could pay for its services.

Take a blast to the past, here is a 2007 article breaking down Storm.

Mantis

Claimed to be the most powerful botnet to date, it’s last projected number in 2022 was 5,000 infected devices. Cloudflare estimated they blocked a total of 26 million requests PER SECOND when this launched. They laughably called this Botnet Mantis due to its small stature but powerful punch. This is the most recent recorded and widely known Botnet.

How Do I Stop It? 🛡️ 

Botnet’s seem covertly dangerous and you may ask yourself, how do I know if I truly protected myself?

This is the hardest question for any defense.

The only way to be protected is to be proactive, there is a number of various things you can do to ensure you and your networks safety. We know that this malware will target users typically and historically through phishing emails.

A phishing email is easy to pick out, take a look at this example email that I frequently receive.

Notice how they use an official title but fail to mask the sender with a proper email address. Most individuals are fortunate now to have an ISP like Comcast that prevents certain pop-ups in your email and calls out attention to oddities in it. You can also notice they personalized the names, the blocked out sections is my email.

The easiest way to combat this is to report, block the sender, and forget about it. You can also setup personal rules in your emails that will block out suspicious emails.

Let’s say you’ve accidentally clicked on a link in this email and now you’re scared. I always lean on the side of caution, I’ll update my passwords and 2 factor authentication with a new code. You can also utilize a third-party anti-virus to scan your system after, I personally recommend and use MalwareBytes but you can use what is affordable and customized for you.