Cyber attacks frequently make headlines in today's digital environment. At any time, anyone who uses a computer could become a victim of a cyber attack. There are various sorts of cyber attacks, ranging from phishing to password attacks. In this post, we'll look into one such attack, known as a botnet.

To begin with, let's take a look at some of the famous botnet attacks. The first one is the Mirai botnet, a malicious program designed to attack vulnerable IoT devices and infect them to form a network of bots that, on command, perform basic and medium-level denial-of-service attacks.

Then we have the ZeusBot, specifically designed to attack systems for bank-related information and data.

Now, let's take a look at the agenda for today's post. 

  • Firstly, we'll understand what a botnet is.
  • Then we'll see how exactly a botnet works.
  • After that, we'll learn some of the architectures a botnet works on.
  • In the end, we'll learn how to protect ourselves from botnet attacks. 

What is Botnet

Now, let's see what exactly a botnet is. A botnet is a network of hijacked, interconnected devices that have had malicious code, known as malware, installed on them. Each of these infected devices is known as a bot. The hijacking criminal, known as the bot herder, remotely controls them.

The bots are used to automate large scale attacks, including data theft, server failure, malware propagation, and denial of service attacks. 

How Botnet Works?

Now that we know what exactly a botnet is, let's dive deeper into how a botnet works. Building a botnet starts with preparing the botnet army. After that, the connection between the botnet army and the control server is established. Finally, the bot herder launches the attack.

Botnet attack

Let's understand this through an illustration. Firstly, we have a bot herder that initiates the attack. Following the control server's commands, the devices that are infected with the malware programs begin to attack the infected system.

Let's see some details regarding the preparation of the botnet army. 

The first step is known as prepping the botnet army. Creating a botnet means infecting as many connected devices as possible, which ensures that there are enough bots to carry out the attack. Bots are created either by exploiting security gaps in software or websites or by using phishing attacks. They are often deployed through Trojan horses.

The next step is establishing the connection. Once a device has been attacked as in the previous step, it is infected with specific malware that connects the device back to the botnet's control server. The bot herder uses command programming to drive the bots' actions.

The last step is known as launching the attack. Once infected, a bot allows access to admin-level operations such as gathering and stealing data, reading and rewriting system data, monitoring user activities, and performing denial-of-service attacks, along with other cyber crimes.

Botnet Architecture 

Let's take a look at the botnet architecture. The first one is known as the client-server model. The client-server model is a traditional model that operates with the help of a command-and-control (C&C) server and communication protocols like IRC. When the bot herder issues a command to the server, it is then relayed to the client to perform malicious actions.

Then we have the peer-to-peer model. Here, the infected bots are controlled through a peer-to-peer network that relies on a decentralized approach, i.e. the bots are topologically interconnected and each acts as both a C&C server and a client. Today, hackers adopt this approach to avoid detection and a single point of failure.
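
From a defender's side, the two models described above leave different traces in network flow logs: many internal hosts talking to one outside IRC endpoint, versus internal hosts that both open and accept connections on the same port. The sketch below is an added example, not code from the original post; the flow records, the 10.0.0.0/8 internal range, port 4444 and the thresholds are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range
IRC_PORTS = {6667, 6697}                       # usual IRC ports (plain and TLS)

# Constructed flow records: (source IP, destination IP, destination port)
FLOWS = [
    ("10.0.0.11", "203.0.113.5", 6667),
    ("10.0.0.12", "203.0.113.5", 6667),
    ("10.0.0.13", "203.0.113.5", 6667),
    ("10.0.0.11", "198.51.100.7", 443),
    ("10.0.0.21", "10.0.0.22", 4444),
    ("10.0.0.22", "10.0.0.23", 4444),
    ("10.0.0.23", "10.0.0.21", 4444),
    ("10.0.0.22", "10.0.0.21", 4444),
    ("10.0.0.30", "198.51.100.7", 443),
]

def internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL

def client_server_candidates(flows, min_clients=3):
    """External IRC endpoints contacted by many internal hosts (central C&C)."""
    clients = defaultdict(set)
    for src, dst, port in flows:
        if internal(src) and not internal(dst) and port in IRC_PORTS:
            clients[(dst, port)].add(src)
    return {k: sorted(v) for k, v in clients.items() if len(v) >= min_clients}

def p2p_candidates(flows, min_peers=2):
    """Internal hosts acting as both client and server on the same port."""
    outbound, inbound = defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        outbound[(src, port)].add(dst)
        inbound[(dst, port)].add(src)
    hits = set()
    for (host, port), dsts in outbound.items():
        srcs = inbound.get((host, port), set())
        # Flag only hosts that have peers in both directions on this port.
        if internal(host) and srcs and len(dsts | srcs) >= min_peers:
            hits.add(host)
    return sorted(hits)

if __name__ == "__main__":
    print("client-server:", client_server_candidates(FLOWS))
    print("peer-to-peer:", p2p_candidates(FLOWS))
```

Both checks only produce candidates for review: legitimate IRC use or peer-to-peer software will match the same patterns.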

How to Protect Our System from Botnet Attacks 

Finally, let's look at some countermeasures against botnet attacks.

The first step is to keep drivers up to date and install system updates. After that, we should avoid clicking random pop-ups or links that we often see on the internet. And lastly, having certified anti-virus and anti-spyware software and a firewall installed on our system will protect against malware attacks. With this, we have reached the end of the post.
