Botnets

A botnet is a network of computers that have been intentionally infected with malware by cybercriminals in order to perform automated tasks on the internet without the permission (or often the knowledge) of the devices’ owners. The term is an abbreviation of ‘robot network’. When a bot penetrates a computer, its controller can assume command of the device and others in the botnet through communications channels using standards-based network protocols.

Cybercriminals use botnets to distribute spam email messages, spread viruses (including spyware), commit fraud and identity theft, attack computers and servers, and perpetrate DDoS (distributed denial of service) attacks.

A computer that is running slowly can sometimes be a sign that it has been infected. If this is the case, perform scans or, if in doubt, consult an IT professional.

How your computers can become part of a botnet

Computers can become part of a botnet in the same ways as they are infected by any malware:

  • By opening email attachments that carry malware in the form of a Trojan horse program. In this case, the Trojan may either delete itself once the computer is infected, or remain to update and maintain the malware modules.
  • By visiting websites which are infected with malware. This could happen by either clicking on malicious links in emails or social networking posts, or simply visiting infected sites proactively.
  • Peer-to-peer (P2P) – in other words, spreading from one computer to another via a network, infected storage devices or the internet.

The risks

  • Your network being infected by spyware which could gain access to your data and transactions.
  • Your computers could be used for the mass transmission of spam email.
  • Your computers could be used for infecting others with adware.
  • Your computers could be used for click fraud, whereby they visit nominated websites without your knowledge to create false web traffic.
  • Your computers could be used in DDoS (distributed denial of service) attacks, where:
    • Multiple systems submit a substantial number of requests to a webserver in order to overload it to prevent it from servicing legitimate requests, or
    • Multiple systems bombard a victim with unwanted phone calls.

Protecting your organisation

  • Choose reputable internet security software that is suitable for your organisation’s needs, and ensure it is always updated and switched on.
  • Uninstall one antivirus program before you install another.
  • Do not open any files attached to an email from an unknown, suspicious or untrustworthy source.
  • Do not click on links in emails or social networking posts from an unknown, suspicious or untrustworthy source.
  • Remember that emails which appear to be sent by friends or colleagues – even with authentic addresses – may be fraudulent owing to their devices having been infected by malware, or their addresses having been spoofed by criminals.
  • Take care when using USB connected devices (eg memory sticks, external hard drives, MP3 players) as they are very common carriers of malware.
  • Take care when using CDs/DVDs as they can also contain viruses.
  • Do not open any files from web-based digital file delivery companies (such as Hightail, formerly YouSendIt, and Dropbox) that have been uploaded from an unknown, suspicious or untrustworthy source.
  • Switch on macro protection in Microsoft Office applications like Word and Excel.
  • Buy only reputable software from reputable companies and ensure that it is always kept updated.
  • When downloading free software, do so with extreme caution.