Tech Blog


Ask Semalt Why Cybercriminals Use Bots

Oliver King, the Semalt Customer Success Manager, explains that cybercriminals use “bots” to control malware-infected computers or devices. For this to be possible, they have to be part of a network for the attacker to co-opt them this way.

Creating a botnet

There are a lot of ways through which attackers can plant bot programs. By the way, machines already infected with malware are called “bots” or “zombies.” The most common way to make user’s computers get infected is when you are browsing a potentially harmful website. Being on the site, the “bot” programs assess its vulnerabilities and take advantage of it. If it successfully gains entry into the computer, a bot then installs itself. Another way is when an attacker sends a file attachment or spam email to the targeted user. Also, the existence of a single malware on the computer may give way to others, which “bot” programs can also use to gain access.

Once the “bot” malware establishes itself in the system, it makes attempts to connect to the source website or server to receive instructions on what to do next. The server sends commands and monitors what goes on with the botnet, which is why it is called the command-and-control (C&C) server.

The attacker will use the server to create a client program and then send information to the “bot” to conduct a range of tasks through the network it currently operates on. It is possible to issue commands to one or all of the bots in the network. The one in control is a botherder, an operator, or controller.

What attackers can do

The devices connected to the botnet are not under the legitimate monitoring of the owner, which poses a significant risk to the security of data and related resources for individuals and businesses. There is a lot of highly sensitive content such as financial information and login credentials on machines these days. If an attacker gains backdoor entry to the computer using the botnet, they can quickly harvest all this information to the detriment of the owner or business.

Another use for botnets is the launch of the denial of service attacks on websites. Using the collective resources gathered, each computer can send a request to the targeted site all at the same time. It overloads it to the point that it is unable to handle the traffic and thus becomes unavailable to those who need it. Attackers may also use the collective resources to send out spam emails or malware, and mining Bitcoins.

Botherders have recently commercialized their activities by amassing very many “bots” and then selling or renting them out to others. Most crime syndicates are the beneficiaries of this commercialization as they use the botnets to steal data, commit fraud, and other criminal activities.

Increasing in size

The potential to cause trouble for a botnet increases with the number of consolidated computers in the network. Botnets have grown to as many as millions of ‘recruited” bots and the trend should continue as other developing countries gain access to the internet.

Botnet Takedowns

Many countries have taken the botnet threat very seriously and actively involve the Computer Emergency Response Teams (CERT) and law enforcement agencies in taking them down. The most effective way to rectify this issue is to take down the C&C server and cut communication between the botherder and the “bots.” Once this is accomplished, it gives users and network administrators a chance to clean their systems and remove themselves from the network