What is a Botnet?

A botnet is a network that includes a number of Internet-connected devices, named bots. The word “botnet” is a combination of the words “robot” and “network”. Each one of the previously mentioned devices has been infected with malware that allows the attacker to remotely control them. Thus, botnets can be used to perform distributed denial-of-service attacks (DDoS attacks), steal data, send spam, and allows the attacker to access the device and its connection.

The bot contacts a remote server — or just gets into contact with other nearby bots — and waits for instructions from whoever is controlling the botnet. This allows an attacker to control a large number of computers for malicious purposes.

Botnets are usually spread all over the world, which means that each device must be individually identified/corralled/repaired. One of the techniques for detecting bot attacks is what’s known as “signature-based systems” in which the software will attempt to detect patterns in the request packet. However, as attacks are becoming more and more complex, this may not prove to be a viable option because patterns can’t be discerned from thousands of requests.

There’s also the behavioral approach to thwarting bots, which ultimately is trying distinguish bots from humans. By identifying non-human behavior and recognizing known bot behavior, this process can be applied at the user, browser, and network levels.