What is a Botnet?

The ongoing war between malicious hackers and technology security specialists has been waging for as long as the Internet has been widely used. One tool in the arsenal is called a Botnet. A Botnet essentially is a number of devices which are connected by the internet and controlled remotely by the botnet’s owner. But how are these made? Why are they almost always associated with nefarious activities? And are there any botnets out there doing good?

There are a few ways for someone to start amassing a botnet. The most common involves an individual purchasing or building a malicious program that will infect a targeted computer or network of computers. Usually this is in the form of a Trojan Horse, but it can be done with drive-by downloading or exploitation of browser vulnerabilities. The program then logs into the victim’s command and control server, and as simple as that the infected computer is now at the mercy of the botnet’s owner.

Botnets can be rather small, to impressively massive in scale. However, the only individuals who may have any guess as to how large these networks are would be the botnet operators themselves. This is because the infected computers rarely experience any disruptions in normal service except when they are being used for various tasks that the owner has commanded them to take part in. Also most attempts to track botnets by the number of IP addresses within them may lead to inaccurate estimates, since the owner may be tumbling through numerous IPs.

Botnets usually get a bad reputation because of the overwhelming number of malicious activities that they have been used in. Especially with media outlets reporting sensationalist stories of attacks using botnets – which seem to always blame the Internet more than the actual human attackers.

That being said, botnets usually are used for things like distributed denial of service (DDoS) attacks. These DDoS attacks have played large roles in attacking financial institutions and other organizations in the past. It makes sense, as a botnet can provide an incredible amount of traffic/power to an attack like that with the keystrokes of a single actor. But botnets are also used in spyware campaigns, click fraud, and dubious bitcoin mining.

However, not all botnets are used for such activities. The difference between botnets used in illegal activities and botnets which are helpful for benevolent and benign applications, appears to be what we call them and how we acquire them. Cloud computing applications like Amazon Web Services seems to share a large amount of characteristics of botnets as far as their usability. The difference, of course, is that we call that “Infrastructure as a Service” and all of the computing power is legally rented out to users.

So some types of botnets can be used for good – provided that the companies and individuals renting out AWS are on the level. But with the reputation that botnets have, it’s easy to understand why AWS and other similar services would call themselves “Cloud Computing” as opposed to “Botnet.”

Subscribe to Technology This Week