What is a 'Botnet'

A botnet is a network of internet-connected devices that have been compromised by hackers without the knowledge of their legitimate owners. The hackers gain control of the targeted computers by using malicious software, after which the computers and devices are used to perform cybercriminal activities such as Distributed Denial of Service (DDoS) attacks, spam emails, and data theft.

A botnet can also be referred to as Zombies. A botnet controller is referred to as a botherder.


The word botnet is a combination of the words ‘robot’ and ‘network’. A bot is a malicious software script that is programmed to give the botherder control over a computer that has the software installed on it. The infected computer and other infected devices are then organized into a network which the cybercriminal or botherder can remotely access and manage. The computers that make up a botnet are usually situated all over the world, and a botnet could range from a hundred devices to millions of devices connected to the internet.

Most victims of botnets are home-based computers with weak security protocols and ineffective firewalls. Malware like Trojan viruses is usually hosted on vulnerable websites which, if accessed by an unsecured digital device, can install the malicious program on the computer. Computers can also fall victim to botnets if their users open email attachments that have malware embedded in them. Once the malware program has been installed on a device, the bot contacts the herder through a site or server called the Command-and-Control (C&C) server. Most times, the users don’t know that their computers have been compromised, as the programs are installed silently and remain hidden until called to action by their maker. A herder who has access to the C&C server and has gathered enough devices or zombies on the network for the intended attack can send out a single command to the bots now distributed over the world.
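From the defender's side, the check-in traffic between a bot and its C&C server is one of the few visible signs of an otherwise hidden infection. The sketch below is an added example, not part of the original article: it scans a constructed proxy log and flags client and destination pairs contacted at near-constant intervals. The log format, the host names, the thresholds, and the assumption that bots check in on a regular timer are all illustrative.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample proxy log: "ISO-timestamp client-ip destination-host"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 updates.example.net
2024-01-01T10:05:01 10.0.0.5 updates.example.net
2024-01-01T10:10:00 10.0.0.5 updates.example.net
2024-01-01T10:14:59 10.0.0.5 updates.example.net
2024-01-01T10:20:00 10.0.0.5 updates.example.net
2024-01-01T10:25:01 10.0.0.5 updates.example.net
2024-01-01T10:01:10 10.0.0.7 news.example.org
2024-01-01T10:02:40 10.0.0.7 news.example.org
2024-01-01T10:19:05 10.0.0.7 news.example.org
2024-01-01T10:47:30 10.0.0.7 news.example.org
2024-01-01T11:03:12 10.0.0.7 news.example.org
2024-01-01T11:04:00 10.0.0.7 news.example.org
2024-01-01T10:03:00 10.0.0.9 mail.example.com
2024-01-01T10:30:00 10.0.0.9 mail.example.com
"""

def parse(log_text):
    """Group connection timestamps by (client, destination) pair."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, client, dest = parts
        try:
            seen[(client, dest)].append(datetime.fromisoformat(ts))
        except ValueError:
            continue  # skip lines with an unparseable timestamp
    return seen

def find_beacons(log_text, min_events=5, max_jitter=0.1):
    """Return (client, dest, mean_gap_seconds) for pairs with near-constant gaps."""
    hits = []
    for (client, dest), times in parse(log_text).items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low means machine-like timing (assumed signal)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((client, dest, round(avg)))
    return sorted(hits)
```

A hit is only a lead for investigation: legitimate software updaters and monitoring agents also poll on fixed timers, so flagged destinations need to be checked before any host is treated as infected.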

Why Use a Botnet? 

A botnet can be used for different purposes. A botherder may use a botnet to carry out a Distributed Denial of Service (DDoS) attack, in which the zombies send fake requests and traffic to a host of websites. The traffic received by these sites may be too overwhelming to manage, causing the websites to shut down and become inaccessible to their legitimate users. In 2016, a botnet called Mirai was used to attack the server of a domain name provider, Dyn. In this case, the botnet comprised thousands of Internet of Things (IoT) devices such as webcams, cameras, and DVRs that were connected to the internet. Because Dyn was a host to multiple websites like Amazon and Netflix, when its server was compromised, this also affected the operations of the websites it hosted.

A botnet can also be used to carry out ransomware attacks on individuals and businesses. The infiltrated computers can be used to send out massive volumes of spam email with corrupted attachments to thousands of computer devices. Opening any of these attachments will trigger a ransomware attack in which data is encrypted and locked, and can only be unlocked if the ransom demanded is paid within a specified time period. In 2016, a botnet called Necurs, which hosts over 6 million devices on its network, carried out a ransomware attack on the Hollywood Presbyterian Medical Center. The hospital’s medical records were released after the hospital paid out $17,000 in Bitcoins.

Botnets can be used to steal sensitive information that is stored on computers. Once data is breached and the information is stolen, the herders can sell this information in underground web marketplaces that transact in illegal commodities.

Botherders with an established network of zombies sometimes sell access to their botnets to other cybercriminals. The herder can sell temporary use of or access to his botnets, or he can sell them outright for a one-time fee.
