Imagine you are relaxing in your backyard, enjoying your coffee on a peaceful Sunday morning. Suddenly, some cops knock on your door and tell you that they suspect your involvement in a cybercrime! They investigate your computer and find out that many hacking incidents and cyberattacks have been launched from your own PC! And you have no clue on earth what these guys are talking about! Well, this is a typical scenario where hackers access your computer remotely, make it part of a botnet and use it for various crimes. But these activities take place in the background, and you don’t notice anything until it’s too late!
A botnet is a group of malware-infected devices controlled by a hacker. When such a botnet is used to execute a cybercrime, it is known as a botnet attack. Your device can be part of a botnet and you might not have any clue about it!
- Botnet = Robot + Network
- The trojans specially designed for botnet attacks are called botnet malware.
- The compromised devices used for botnet attacks are called botnet hosts or bots. The owner of the infected device tends to be unaware of the malware infection, which is why the infected device is also called a Zombie device. All the bots must be connected to the internet.
- Any IoT device can be used as a botnet host. For example: PCs, internet-connected televisions, laptops, mobile phones, Wi-Fi routers, tablets, cable VoIP devices, set-top boxes, DVRs and cameras.
- The infected devices may be located in different cities and countries, but they are connected to a single command-and-control (C&C) server. The C&C server is the master computer used by cybercriminals to connect with and control all the other infected devices. The cyberattacks are initiated from this computer. All intercepted data is received and stored on the C&C server.
- The hacker who sends commands from the C&C server to execute the botnet attacks is called the bot master or bot herder.
5 Things to know about the botnet attacks and Zombie devices
1) Botnet malware is distributed via phishing emails
You can receive malware-loaded phishing emails containing a botnet trojan. You might think that the email is coming from a legitimate source like your friends, employer, relatives, bank, eCommerce company, etc. But when you download the attachments or click on some links, the botnet trojan gets downloaded onto your system!
For example, I got an email that looked like it was from Amazon, sending me a receipt. I was surprised to see the email because I hadn’t purchased anything recently. But with the unusual sender’s address, I sensed something fishy about the email and I decided not to download the attachment. Such an attachment can contain any type of malware, including viruses, trojans, worms, etc.
So, always read the sender’s email address before downloading anything from the email or clicking on any links.
2) You might get infected with botnet malware while visiting spammy websites
We all know what a spammy website looks like:
- Too many unwanted advertisements,
- unexpected redirects to different web pages,
- videos and sounds automatically started to play in the background,
- too many deceptive “downloads” or “play buttons”, etc.
But did you know that botnet malware can be hidden on such websites? You accidentally or intentionally click something and BAM! The botnet malware is ready to be your guest! Hence, be very careful while visiting any spammy websites. Please don’t click on any suspicious links, buttons or attachments. Also, scan your computer with a strong antivirus solution after visiting such sites to make sure nothing got downloaded onto your device.
3) How your Zombie device is used for real cyberattacks
So, if your device becomes part of a botnet, how bad can the situation be? Well, you might be surprised to know that your device may be part of a serious cybercrime, and you won’t even have any idea about it!
Your device can be used for:
- Deploying distributed denial of service (DDoS) attacks against other websites,
- Executing brute force attacks,
- Stealing data from your own device and from other connected devices,
- Spreading Malware to other devices,
- Sending Phishing emails to other people,
- Doing illegal Crypto Mining,
- Generating fake traffic to a website,
- Posting illegal/controversial posts from your social media accounts,
- Getting fake likes/followers/comments on the sites that pay the botmaster for improving their social media presence.
4) How does the botmaster communicate with your Device?
The attacker needs a network channel to communicate with all the zombie devices. They communicate via the C&C server. It’s the master computer from which the botmaster sends commands to all the zombie devices. All the bots report back to this server with their findings, hacking attempts, and the results.
The attacker might also use a peer-to-peer (P2P) network. This is a more advanced channel where, instead of relying on a master server, the bots send and receive commands internally among themselves. They also use digital signatures, mathematical algorithms, and public key infrastructure (PKI) to make the entire P2P network detection-proof. That means that if the botmaster’s server has been taken down by the government or security researchers, the bots can still stay connected with each other until the botmaster establishes another server to join this pre-established P2P network.
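As an added, defender-side example (not code from the original post), the regular check-in rhythm described above, where every bot reports back to the same C&C server, is something you can look for in your own outbound connection logs even when the traffic itself is encrypted. The hosts, addresses and log lines below are constructed for illustration.

```python
"""Spot C&C beaconing: near-constant intervals between connections
from one internal host to one external destination (added example;
all hosts and log lines are constructed)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log format: "<ISO timestamp> <src_ip> <dst_ip>:<port>"
SAMPLE_LOG = """\
2024-03-10T08:00:00 10.0.0.5 203.0.113.9:443
2024-03-10T08:00:13 10.0.0.5 198.51.100.20:443
2024-03-10T08:01:01 10.0.0.5 203.0.113.9:443
2024-03-10T08:01:59 10.0.0.5 203.0.113.9:443
2024-03-10T08:02:40 10.0.0.5 198.51.100.20:443
2024-03-10T08:03:00 10.0.0.5 203.0.113.9:443
2024-03-10T08:04:02 10.0.0.5 203.0.113.9:443
2024-03-10T08:05:00 10.0.0.5 203.0.113.9:443
2024-03-10T08:09:15 10.0.0.5 198.51.100.20:443
"""


def parse_log(text):
    """Group connection timestamps by (source, destination) pair."""
    conns = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            ts, src, dst = line.split()
            conns[(src, dst)].append(datetime.fromisoformat(ts))
    return conns


def find_beacons(conns, min_connections=5, max_jitter=0.15):
    """Return (src, dst, period_seconds) for pairs whose gaps between
    connections are nearly constant (coefficient of variation below
    max_jitter). Normal browsing is bursty; a bot check-in is not."""
    hits = []
    for (src, dst), times in conns.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg < max_jitter:
            hits.append((src, dst, round(avg)))
    return hits


if __name__ == "__main__":
    for src, dst, period in find_beacons(parse_log(SAMPLE_LOG)):
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

In the sample, the host contacts 203.0.113.9 roughly every 60 seconds with a few seconds of jitter, which the script flags, while the irregular connections to 198.51.100.20 are left alone.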
5) How can you protect your device from becoming a Zombie?
Here, prevention is the cure. When the government investigates cybercrimes, your Zombie device will be found as one of the root devices from which the attack was generated. Hence, you will face a legal inquiry. You will have to go through a long and exhausting legal battle to prove that you were unaware of the entire botnet and had no active involvement in the crimes. So, it is advisable to stop the botnet at phase 1 itself, i.e., stop the malware from being downloaded onto your device.
- Use powerful anti-malware or antivirus software. You can also use a firewall.
- Regularly update the operating system and all the software/applications to the latest version.
- Be careful with phishing emails. Check the sender’s email address (pointed out in the screenshot in point 1) to verify its legitimacy. Also, don’t download email attachments without scanning them. Refrain from clicking on any links or files in an unsolicited email.
- Be vigilant while surfing online. Avoid spammy websites at all costs. You might think you are saving a few bucks by downloading a free song or video, but you might be becoming a part of a cybercrime in the background!
- If you are getting any “too good to be true” kind of emails or popups on a website, just run a mile away! No one is going to give you a million dollars in a lottery, online casino, or part-time work-from-home job! (I know it’s obvious to most of us, but some people are still falling for such things.) Refrain from trusting or clicking on any wildly tempting advertisements or news.
- Regularly check folders such as C:\Program Files, C:\Program Files (x86), and all the TEMP folders, where malware can be hidden. If you find any unknown programs, search the internet for them and delete them if they don’t serve any purpose.
If you run a website, use software solutions that claim to prevent botnet attacks, such as:
- Thor Foresight Enterprise: It detects the botnet threats at DNS and HTTP/HTTPS level and blocks the communication to C&C servers.
- AppTrana: It provides a 360-degree protection that can monitor, detect, and remove application-layer threats.
- DataDome: It offers protection against the two main botnet attacks, i.e., credential stuffing for brute force attacks and layer 7 DDoS attacks. It is suitable for e-commerce and classifieds businesses.
- Radware: It detects and blocks bot attacks and protects web applications, mobile apps, and APIs.
- Check Point Anti-Bot: It monitors and detects bot-infected machines and removes the malware to prevent further machine damage. It also breaks the communication channel between the infected machine and the C&C server.