In June 2022, German news organization DER SPIEGEL reported that in a joint operation, authorities in the USA, Germany, the Netherlands, and the UK had managed to dismantle a Botnet built by presumably Russian cybercriminals.
This botnet, called RSocks, comprised millions of computers and devices around the world. These devices had all been previously hacked and then became part of this botnet — all without their owners realizing. What’s more, this botnet could also be rented out to harm businesses, agencies, and governments (Source: https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation).
Read on to learn what botnets are, what they’re used for, and — most importantly — what you can do to protect yourself from them to avoid becoming part of a criminal network like RSocks.
What is a botnet?
A botnet or “robot network” is the term for a network of several autonomously operating programs (bots).
In technical terms, a bot is a program that is controlled remotely on external computers. The name is short for “robot” and explains what the primary function of such a tool is: To perform set tasks on their own.
According to Wikipedia, a botnet is a group of automated malicious programs that reside on networked computers, their network connection, and local resources — without the owners’ consent in most cases.
You can just imagine the impacts cyberattacks initiated through a botnet comprising several thousand systems might have.
And it’s not only traditional computers that can be turned into bots — other network-enabled devices, such as smartphones, smart watches, tablets, smart TVs, IP cameras, webcams, and even routers, can as well. Ultimately, any device or resource that’s connected to the internet in some way can be used as a bot.
Botnets work as distributed computing networks, meaning that the networked devices communicate with each other but work independently of each other. A botnet carries out its tasks in the background as soon as you go online using the device in question.
Are botnets illegal per se?
Botnets are not illegal themselves. On the contrary, connecting several networks or networking computers together actually allows for optimal coordination of routine tasks which are used to operate websites, for example.
This can also include running a chat room or allowing someone to take control of your computer. In businesses or in the case of email or other service providers, it’s common for support employees to access our computers remotely in our presence and take the necessary steps to resolve our technical issues to get everything working properly again.
Botnets are also used to transfer data in cryptocurrency trading.
However, botnets are, unfortunately, also a good example of how actually helpful technological solutions for enjoyable and trouble-free use of digital devices are compromised via the internet for cybercriminal activities.
Examples of infamous criminal botnets
Just as you’d imagine, most botnets only become known about once they’ve been broken up. And almost always, these are international networks that the investigating authorities have spent a long time researching to find and dismantle.
One of the largest botnets ever discovered, Mariposa, was used for large-scale data theft and – believe it or not – hit 13 million computers across 190 countries. After it was dismantled in 2009, it had already gathered data from 800,000 users, including log in details for online banking, email accounts, and corporate networks.
Another botnet that achieved notoriety, Nercus, was dismantled by Microsoft together with partners from 35 countries in 2020. This botnet comprised over 9 million infected computers and was one of the most active bot networks involved in committing stock fraud and distributing emails and malware on a massive scale. Microsoft even developed a scanning program that would scan Windows PCs specifically for this botnet.
Then there’s Avalanche, which was also a global network comprising 20 botnets. According to investigators, this network, which was broken up in 2016, was responsible for two thirds of all phishing attacks (and attempts) in 2009.
In view of these examples, it’s understandable that investigating authorities sometimes need years to even track down a botnet and then dismantle it. So, it’s a good idea for every single user of digital devices to be aware of proactive protection measures and to apply them. Read on to learn more about this.
How do I know if I’m in a botnet?
It’s not easy to know if one of your devices has become part of a botnet since your device becomes infected with the necessary malware without you even noticing anything most of the time.
However, there are some telltale signs to look out for that bot malware has been installed, especially on a PC or Android device:
- You’ll receive warnings from virus scanners or anti-spyware programs installed on your devices.
- Your internet slows down for some unknown reason.
- You find new, unfamiliar processes in Task Manager.
However, if your devices have become part of a botnet, you may find that you don’t suffer any of these three symptoms — which makes it all the more important to take preventative steps to protect your devices to prevent this happening in the first place.
After all, hackers first have to gain access to your devices and infect them before they can integrate them into the bot network and launch attacks.
First, they’ll try to infect as many unprotected computers as possible, such as via a specially prepared website or via emails with attachments or links leading to an infected website. But you might also install a completely different program or app to the one you were expecting and unwittingly let a Trojan in — and in doing so open the door for the botnet.
Once cybercriminals have infected your computer, they use command and control servers to control the botnet (including your device), through which they initiate and control communication and data transfer.
The danger of botnet attacks
Cybercriminals use botnets comprising thousands of infected, networked computers and other internet-enabled devices for DDoS (distributed denial-of-service) attacks, spam campaigns, phishing attempts, data theft, or click fraud.
More often than not, botnet attacks take the form of DDoS attacks, where cybercriminals aim to overload corporate, agency, or government websites. This involves the devices connected to the bot network sending countless meaningless requests to their web server until the server collapses under the sheer weight of the number of requests and it can no longer be reached.
The list of the companies that have already been affected by one of these dreaded DDoS attacks reads like a Who’s Who of international brands that have sometimes had to compensate for major financial damage and significant losses in brand popularity following such an attack.
Another common use of botnets is the mass sending of spam and phishing emails, which cybercriminals use to steal access credentials, such as for online banking, from unsuspecting users on a large scale.
And, just as frequently, hackers also use botnets as the launchpad for wide-scale data theft. That’s because it’s highly lucrative for hackers to steal sensitive user data from businesses, agencies, governments, or banks, and either use this data themselves for criminal activities or put it up for sale.
Another lucrative method that operators of nefarious botnets use to make a quick buck is click fraud. This involves using infected devices to click on ads or certain links on the internet en masse. This takes advantage of the fact that advertisers often pay for the placement of their ad banners on the internet based on clicks. It’s almost impossible for the ad portal operator (also called the marketer) to prove that this kind of attack was caused by deliberate deception because the meta data transmitted with the clicks, such as operating system, browser, and IP address information, can be assigned to the infected computer but not the botnet.
Follow these tips to protect yourself from botnet attacks
If you look at the propagation channels, it becomes clear that hackers deliberately exploit either our curiosity or lack of attention, or security holes in the software.
Thankfully, there are some proactive steps you can take to protect your devices to avoid being affected by a botnet attack in the first place or having your devices become part of a botnet.
Caution is obviously top priority such as in the case of emails from senders you don’t know, especially if they contain links or attachments. Your first line of defense is to move such emails to your spam folder in your email app.
Use an antivirus app to prevent botnet attacks
The benefit of an advanced antivirus app is that it continually analyzes the wide range of cyberthreats, quickly detecting them as malicious or malware.
Background scans improve detection of viruses and other malware that may still be lurking on your devices despite you taking the necessary precautions. You don’t even need to spend a cent either, as the freeware version of Avira Antivirus allows you to detect any viruses on your device — in turn increasing your protection from a botnet attack.
And if you didn’t already know, Avira Antivirus has also been developed for use on your mobile devices — including your smartphone and tablet.
Top tip: Increase your preventative protection from botnet attacks in a variety of ways with Avira Antivirus Pro which, in addition to offering virus protection and a firewall, can scan your laptop or PC for outdated apps and drivers and auto-update them.