They permeate the Internet like a gigantic spider’s web. Botnets link computers to huge networks – without the majority of us knowing anything about it. Criminals manipulate computers, connect them and use them for their own purposes. The result is a network of infected PCs, remotely controlled by “botmasters”. Botnets are among the largest sources of illegal money for cyber criminals. According to estimates, hundreds of millions of computers worldwide are affected. One of the biggest networks discovered comprised over 30 million computers. There is a fair chance that your own PC was part of a botnet at one point in time, too.
The operators of a botnet smuggle malware called a bot (short for “robot”) onto other people’s computers. These bots operate in the background and maintain a low profile, so the owner of the PC does not notice anything. The computer is then exploited for the purposes of the botmasters, none of which the user would voluntarily agree to. As the computers are being controlled remotely and so are acting “involuntarily”, parts of the botnet are also known as “zombie PCs”.
The bots operate via the Internet. This means that they only work when the computer is switched on and is connected to the Internet. The more bots there are in a network, the greater the number of active computers at any one time. The German Federal Office for Information Security (BSI) recorded up to 60,000 new infections per day in the first quarter of 2015.* In purely technical terms, a botnet is a distributed computing network – a collection of computers working independently of one another. They do indeed communicate with each other occasionally, but they carry out their tasks independently of one another.
If so many computers form part of a botnet, how can I tell if I am part of one?
Botnets are used for all sorts of different things – and not all of them are illegal. The University of Berkeley in America provides the code for a good kind of botnet client. The voluntary connection of as many private computers as possible is designed to reduce IT costs for various research projects. For example, researchers use such a botnet to look for intelligent life in space.
However, the overwhelming majority of botnets are created against the will of the PC owners and are generally used for criminal purposes. Zombie PCs are used for things such as distributing spam. For example, phishing emails are sent out to the digital world from PC owners’ machines without them realising. Other botnets serve criminal organizations as storage space or help the perpetrators obtain sensitive user data. Either this data is used by the perpetrators themselves or the information is monetized on the Darknet. Furthermore, a botnet enables the perpetrators to establish a connection to a third-party computer via the zombie PC and thus hide their own original address. Another type of use for a zombie PC is as an intermediate host that infects other computers and so triggers a chain reaction.
The majority of infections begin with an infected website. Users with no active web protection who end up on such a site usually have malware foisted upon them without noticing. However, an attack can also take place via an email in which, for example, the bot’s installation program is hidden in an attachment, or there is a link to a manipulated website. Sometimes users also unintentionally install Trojans along with harmless programs, and these Trojans open the door, as it were, to the installation of the bot.
In this way, PCs are turned into remote-controlled bots, where a cyber criminal is pulling the strings. These strings are networked in such a way that we should actually think of a botnet as a highly ramified spider’s web. This is how ordinary PCs become part of a botnet. According to the Anti-Botnet Advisory Centre operated by Internet association Eco, one in three PCs in Germany is thought to have been infected and be part of a botnet.
* The State of IT Security in Germany 2018, Federal Office for Information Security (BSI)