Any device on the Internet may function as a zombie, a member of a botnet that follows the commands of the botnet malware: traditional PCs, servers, smartphones, and IoT (Internet of Things) devices alike. A botnet is a collection of Internet-connected devices infected with malware. These infected devices are called bots (or zombies). This type of malware takes over devices silently, gains administrative privileges, and gives cybercriminals control over the device. Hacked devices work as usual, but also follow orders from the botnet's commander. Together, numerous infected devices form a powerful infrastructure that is used for criminal activity.
Some botnet commanders specialize in botnet support and expansion. These people lend botnets to other criminals, who carry out attacks and other wrongdoing. Here are four common botnet uses:
Of course, contact information is not the only thing stolen from a hacked device. Malware that turns computers into bots (zombies) may have more features. It may be able to steal your mobile banking and online banking passwords, and it can change the web pages shown in your browser to steal important financial data (such as your credit card PIN).
What if spam filters do not work well? As you might imagine, your inbox fills up with spam. By the way, did you know that most spam attacks rely on zombies? Cybercriminals need botnets to hinder the providers and agencies that block their email and IP addresses in an effort to stop spam. Cybercriminals send spam emails using the email account of the infected zombie computer's owner. In addition, they harvest contact information from the emails in that fraudulently accessed account and add it to their spam database. It is a really bad trick.
The best known use of botnets is to launch DDoS attacks. The botnet does nothing more than send excessive requests to a server to load it, but a server exposed to such a high load cannot handle the requests and becomes unavailable to the public.
The more network-connected devices are incorporated into the botnet, the more powerful the DDoS attack. The problem is that almost any networked device can be used for such an attack. Some of these devices, for example surveillance cameras and Wi-Fi compatible printers, do not seem like they actually use the Internet.
There are hundreds of millions of networked devices at this point, and the number will soon reach billions. Not all networked devices are fully protected, so they can become part of a botnet. Large botnets are also capable of really damaging activity. In October 2016, a botnet-based attack disrupted the operation of over 80 major Internet services such as Twitter, Amazon, PayPal and Netflix.
Recruit new bots
Botnets are also used to find new vulnerable devices. These devices are then infected with malware such as Trojans and viruses. Naturally, such malware also includes specialized malware for incorporating devices into botnets.
We recommend the following actions in order to minimize the chance of your device becoming a member of a botnet:
- Be sure to change the default password on network-connected devices such as routers, webcams, printers and smart appliances
- Be sure to install firmware upgrades and security updates for the operating system and software
- Do not use an administrator account on a PC or laptop. Do not leave root access on mobile devices. Better yet, it is safer not to use root access at all
- Be careful when downloading anything from websites other than the official site. There are many cases where malicious files are spread through games and software
- When downloading something from untrustworthy sites such as torrent tracker sites or P2P file-sharing networks, check all files with advanced antivirus products
- Install a trusted antimalware product, even if you are not doing dangerous or illegal activities on the net, and when it notifies you of suspicious actions, check the details instead of ignoring the notification