What Are Bots and Botnets?
- by Justice Levine

Everyone has received spam in their email inbox, and spam bots are the greatest facilitators of junk mail online. While mostly just annoying, spam can also be a security threat.
The scale of a botnet enables the attacker to perform large-scale scams that were previously impossible with malware. Since botnets remain under the control of a remote attacker, infected devices can receive updates and quickly change their behavior. As a result, bot-herders can often rent access to segments of their botnet on the black market for significant financial gain. This article will discuss bots and botnets, the difference between them, how cybercriminals use them, and how to protect against them.
What Is A Bot and How Does It Work?
A bot is a computer that has been compromised through malware and can be remotely controlled by a threat actor. The attacker can then use the bot to launch more attacks, or to bring it into a collection of controlled computers, known as a botnet. Bot is short for “robot,” and originally had a positive association. The two main reasons why cybercriminals create botnets are for financial gain and for recognition. Bot herders gain notoriety among fellow cybercriminals by the number of infected computers they collect in their botnet.
The term “botnet” is a combination of “robot” and “network.” Botnet assembly typically occurs during the infiltration stage of a multi-layer scheme. The bots serve as a tool to automate mass attacks, such as data theft, server crashing, and malware distribution. Botnets use your devices to scam other people without your knowledge.
Botnets are designed to grow, automate, and speed up a hacker’s ability to carry out larger attacks. One person, or even a small group of hackers, can only carry out so many actions on their local devices, but for a small price and a bit of time, attackers can acquire additional machines to leverage. A bot herder leads a collective of hijacked devices with remote commands; once the bots have been compiled, the herder uses command programming to drive future attacks.
The basic stages of building a botnet are:
- Prep and Expose: hacker exploits a vulnerability to expose users to malware.
- Infect: user devices are infected with malware that can take control of their device.
- Activate: hackers mobilize infected devices to carry out attacks.
The aim of most bot attacks is financial gain, while others are done purely for recognition. Some attacks that can be launched after a computer has been taken over as a bot include:
- Spambot: one of the most common uses of a bot, a spambot is a machine that automatically distributes spam emails. Mostly, these are emails that contain advertisements for products or contain computer viruses themselves.
- Denial-of-service: denial-of-service attacks invade a network or an Internet service provider with the intention of disrupting service. The attacker tries to infect as many computers as possible to create a bigger botnet network.
- Spyware: malware that can be used to gain information from its target or targets, from passwords and credit card information to the physical data contained within files. A bot herder can sell this data on the black market and if a bot herder gains control of a corporate network, they may be able to sell the “rights” to their bank accounts and their intellectual property.
- Click Fraud: a form of remote control that can allow a bot herder to surreptitiously click links on Web sites and online advertising, bolstering numbers for advertisers and producing more money.
- Dial-up Bots: dial-up bots aim to connect to dial-up modems and force them to dial phone numbers. The intention is to tie up the line, eventually forcing the user to change numbers or to dial 1-900 numbers in order to rack up charges on someone’s bill.
How Bots Are Used For Email Spam
Email spammers need as many working email addresses as they can possibly find. Email address harvesting is carried out by bots that scan web pages, look for text that follows the email address format (text + @ symbol + domain), and copy that text into the spammer's database of targets.
Once they have a database of email addresses, they can then send out spam emails in bulk to a mass number of victims. Spam emails are often criminal in nature, attempting to spread malware or steal account credentials via phishing. They may use a technique called email spoofing to make it appear like their emails come from a legitimate source.
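A site owner can run the same pattern match over their own pages to see which addresses are exposed to harvesting bots. The following is an added example, not part of the original article; the `audit_page` function, the `ExposureAudit` class and the sample page are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# Same shape the harvesting bots look for: text + "@" + domain.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

class ExposureAudit(HTMLParser):
    """Collect addresses that can be read straight from a page's markup."""

    def __init__(self):
        # convert_charrefs=True decodes entities such as &#64; before matching.
        super().__init__(convert_charrefs=True)
        self.findings = []  # (address, where it was found)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            for addr in EMAIL_RE.findall(value or ""):
                is_mailto = value.lower().startswith("mailto:")
                where = "mailto link" if is_mailto else f"{tag}[{name}] attribute"
                self.findings.append((addr.lower(), where))

    def handle_data(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append((addr.lower(), "visible text"))

    def handle_comment(self, data):
        for addr in EMAIL_RE.findall(data):
            self.findings.append((addr.lower(), "HTML comment"))

def audit_page(html):
    """Return a sorted, de-duplicated list of (address, location) exposures."""
    parser = ExposureAudit()
    parser.feed(html)
    parser.close()
    return sorted(set(parser.findings))

# Constructed sample page; every address uses the reserved example.com domain.
SAMPLE_HTML = """
<p>Sales: <a href="mailto:sales@example.com">Email us</a></p>
<p>Support: support@example.com</p>
<!-- old contact: admin@example.com -->
<p>Press: press [at] example [dot] com</p>
<p>Billing: billing&#64;example.com</p>
"""

if __name__ == "__main__":
    for addr, where in audit_page(SAMPLE_HTML):
        print(f"{addr:25} exposed in {where}")
```

The entity-encoded billing address is still reported because any parser decodes `&#64;` back to `@`, while the forgotten address in the HTML comment shows that text hidden from visitors remains readable in the markup.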
Comment spam is any spam that appears in the comments section of a website. Some spam bots look for and post in sections that don't require an account for participation, or in forums that do not have strong verification to check whether a commenter is a human user. Bots create fake user accounts and leave comments, and if one account gets shut down, they create another one. Attackers can use this method to automate the process of promoting and publishing spam.
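Because a banned spam account is simply replaced by a new one, moderation rules work better when they key on what is posted rather than on who posts it. The sketch below is an added example, not part of the original article; the log format, the thresholds and the function names are assumptions. It flags the same link-bearing comment when it is repeated by several freshly created accounts.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Group 1 is the host; the whole match (host, path, query) is stripped from the text.
URL_RE = re.compile(r"https?://([^/\s?#]+)\S*", re.I)

# Constructed moderation log: posted_at|account|account_created|comment body
SAMPLE_LOG = """\
2024-05-01T10:00:05|guest_8841|2024-05-01T09:59:50|Great post! Cheap watches at http://deals.example.net/w
2024-05-01T10:00:09|guest_8842|2024-05-01T10:00:01|great post!! cheap watches at http://deals.example.net/w?r=2
2024-05-01T10:03:40|maria_k|2022-11-03T08:12:00|The MFA section helped, thanks. Docs: https://docs.example.org/mfa
2024-05-01T10:04:02|guest_8850|2024-05-01T10:03:58|GREAT POST cheap watches at http://deals.example.net/w
2024-05-01T11:30:00|tom_r|2023-01-15T14:00:00|I disagree with the VPN advice.
"""

def parse(log):
    """Yield (posted_at, account, account_created, body) for each log line."""
    for line in log.strip().splitlines():
        posted, account, created, body = line.split("|", 3)
        yield (datetime.fromisoformat(posted), account,
               datetime.fromisoformat(created), body)

def fingerprint(body):
    """Linked hosts plus the comment's words, ignoring case, punctuation and URL paths."""
    hosts = tuple(sorted({h.lower() for h in URL_RE.findall(body)}))
    words = " ".join(re.findall(r"[a-z]+", URL_RE.sub(" ", body.lower())))
    return hosts, words

def flag_campaigns(log, min_accounts=3, new_account=timedelta(hours=1)):
    """Return {fingerprint: accounts} for link comments repeated by several new accounts."""
    groups = defaultdict(set)
    for posted, account, created, body in parse(log):
        hosts, words = fingerprint(body)
        # Only comments that carry a link and come from a just-created account count.
        if hosts and posted - created <= new_account:
            groups[(hosts, words)].add(account)
    return {fp: sorted(a) for fp, a in groups.items() if len(a) >= min_accounts}

if __name__ == "__main__":
    for (hosts, words), accounts in flag_campaigns(SAMPLE_LOG).items():
        print(f"{', '.join(hosts)} | '{words}' | {accounts}")
```

The long-standing account that links to documentation is not flagged, which keeps the rule from punishing ordinary commenters who share a URL.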
Many bots are active on social media platforms and will send out messages or create posts promising free items, deals on products, adult content, or other offers. They might also like, share, or retweet spam posts, or leave spam comments on unrelated posts. Social spam bots operate via fake accounts, or via compromised real user accounts. A spam bot also may copy a legitimate user's profile picture to make a bot account appear more legitimate.
Protecting Against Botnet Attacks
Botnet malware threats pose a significant risk to the safety of yourself and others, so it is imperative that you know how to protect yourself. Software protections and small changes to your computer habits can help. Some tips for protecting yourself against botnets include:
- Improve all user passwords for smart devices. Using complex and long passwords will keep your devices safer than weak and short passwords.
- Avoid buying devices with weak security as many cheap smart home gadgets tend to prioritize user convenience over security.
- Update admin settings and passwords across all your devices. You’ll want to check all possible privacy and security options on anything that connects device-to-device or to the internet. Without updates to custom login credentials and private connectivity, hackers can breach and infect each of your connected devices.
- Be wary of any email attachments. The best approach is to completely avoid downloading attachments. When you need to download an attachment, carefully investigate, and verify the sender’s email address. Also, consider using antivirus software that proactively scans attachments for malware before you download.
- Never click links in any message you receive. Texts, emails, and social media messages can all be reliable vehicles for botnet malware. Manually entering the link into the address bar will help you avoid DNS cache poisoning and drive-by downloads.
- Install effective anti-virus software. A strong internet security suite will help to protect your computer against Trojans and other threats. Be sure to get a product that covers all your devices, including Android phones and tablets.
The profitability and nature of botnet attacks make them a favorite among hackers. Botnets are difficult to detect, even for experienced users. A sign of botnet compromise may be a frequently unresponsive browser or a spike in error reports, so a preemptive defense strategy against botnets is the most effective option for preventing attacks.
Email Spamming
Hackers use email to spread malware using unsolicited attachments or links as invitations to join a botnet. Credential harvesting trojans, such as spoofed login pages for Google Drive, are the leading cause behind this method. Once the account has been compromised, worms and drive-by downloads can also be spread from that account.
Botnet Defense
Add multi-factor authentication (MFA) to your email, then guard it even further with an authenticator app. This protects you from the mass identity theft botnets are often designed for.
Click Fraud
The most profitable undertaking is click fraud, which generates over $20 million per month in profit. Bot herders often create fake websites to advertise for third-parties for profit. For every click on an advertisement executed by a bot in a botnet, botmasters earn a percentage of advertising fees.
Botnet Defense
Secure your Wifi with a strong VPN. This creates an encrypted tunnel that is nearly impossible for hackers to penetrate.
Minecraft Inspired Denial-of-Service Attacks
On October 12, 2016, a massive distributed denial-of-service attack left a majority of the internet inaccessible on the east coast. The attack was the work of the Mirai botnet, although authorities initially feared it was the work of a hostile nation-state. The botnet was initially created to make money off of Minecraft aficionados before it eventually grew more powerful than its creators thought possible.
The majority of the malware ecosystem stems from Eastern European organized crime or nation-state intelligence services. Paras Jha became interested in how DDoS attacks could be used for profit before launching a series of minor attacks against his own university's systems. The attacks were timed to match important events like registration and midterms, all the while he was trying to convince the university to hire him to mitigate those attacks.
He was also a Minecraft player, and there are known opportunities to make money by hosting Minecraft game servers. This leads to running skirmishes in which hosts launch DDoS attacks against their rivals, hoping to knock their servers offline and attract their business.
Mirai was another iteration of a series of malware botnet packages developed by Jha and his friends. Mirai encapsulated clever techniques, including a list of hardcoded passwords.
Mirai's first big wave of attacks came on September 19, 2016, and was used against the French host OVH. It turned out that OVH hosted a popular tool that Minecraft server hosts use to fight against DDoS attacks. It wasn’t long before Jha posted the code of the Mirai botnet online, a common technique as it gives malware creators plausible deniability. This is because attackers know that copycats will use the code, and it will be difficult to conclude who created it first. The big attack on October 12 was launched by somebody else against Dyn, an infrastructure company that among other things offers DNS services to several large websites. The FBI believed that this attack was ultimately targeting Microsoft game servers.
In December 2016, Jha and his associates pleaded guilty to crimes related to the Mirai attacks. Unfortunately, by then the code was released to the wild and was used as building blocks for further botnet controllers.
Keep Learning
Botnets are a sophisticated and dangerous cybersecurity threat, and should be a concern for businesses, individuals, and even governments. It's also important to keep spam off your webpage so that your brand isn't associated with malicious activity.
- Learn more about an effective email security solution that understands the relationships you have with other people while gaining a deeper knowledge of the types of conversations you have with them.
- Prepare your business for cyberattacks to make sure employees stay safe online.
- Improve your email security posture to protect against attacks and breaches by following best practices.
- Keeping the integrity of your email safe requires securing the cloud with spam filtering and enterprise-grade anti-spam services.
- Get the latest updates on how to stay safe online.