The world of internet is very beneficial. All the information that you require will be at your fingerprint. But, cyberattacks are a major concern while using internet services. This article discusses one such cyberattack called the botnet attack. Initially when we breakdown the term botnet, it is “robot” and “network”. And this botnet is an army of internet-connected devices, that are infected by one or more running bots. These malware-infected devices can be PCs, mobile devices, servers, and IoT devices that run on that network. The botnets are not targeted towards an individual or a group, instead, it enters due to the vulnerabilities of the system or network and the owner will be unaware of it.

 

When considering the history, botnet attack was first reported in 2000 and it was known as EarthLink Spammer. It was a spammer called Khan C. Smith who send over 1.25 million phishing emails using the legitimate company network. In this botnet attack, when the victim clicks on the email, the virus will get downloaded on the victim’s computer and will send sensitive information like credit card details to the sender automatically. After this, there were many other botnets like cutwail(in 2007, that targets windows OS), Grum(in 2008, massive pharmaceutical spammer bot), Kraken(in 2008, it used command and control servers), Methbot(in 2016, digital ad malware), Mirai(in 2016, infected smart devices that run on ARC processors), 3ve(in 2018, create fake clicks on online advertisements), and more.

 

How botnets affect your system? As you know, botnet breaches the security of your device and provides its access to a third-party. It performs denial of service, data stealing, sends spam emails and moreover it grand the complete access of your system to hackers. Botnets attacks are difficult to identify and the hackers will pay attention to hide it from the user. For example, there are some botnets that access your device’s web browser and send fraudulent traffic to a specific website/advertisement. Also, these botnets can collect your passwords and other information saved on that browser.

 

How to prevent botnet attacks? As mentioned early, it is a difficult task to identify whether your device is infected with bots. Botnet breaches the security of your device if it found any possibility. So, to prevent botnet attacks the user needs to be cautious. Integrating strong user authentication methods, downloading files/software from trusted sites, avoid clicking online ads, neglecting phishing emails, performing behavioral analysis, and moreover installing a firm antivirus is necessary to prevent botnets. 

 

BOTNET ARCHITECTURE

 

There were advancements in the botnet architecture as an effort to evade detection and disruption. In every architecture, the bot herder is the person who controls the botnet from any remote location. Client-server model and peer to peer are the two botnet architecture available.

 

Client-Server Model: In this model, there will be only one server that acts as the bot herder and it requires special software to maintain the control of the clients. These botnets operating through internet relay chat networks, domains, or websites control the controls the transmission of information with commands. The bots located on the infected device will wait for the command from bot herder and it performs the action and pass the result to bot herder. Since only one server act as the bot herder, these botnets are easy to be located and to destroy.

 

Peer to Peer(P2P): The latest botnets use the P2P botnet model where each of the connected devices works independently as a client and a server. In the P2P model, each of the devices coordinates with each other to update & transmit information. In this architecture, it is difficult to be located and to completely destroy this. The botnet named Storm was the first peer to peer botnet introduced in 2007.