Botnet
A network of many compromised computers and IoT devices that are remotely controlled by an attacker (botmaster)—usually for DDoS attacks, spam, or cryptocurrency mining.
A botnet (short for "robot network") is a network of many infected devices—PCs, servers, routers, IP cameras, smart home devices—that are remotely controlled by an attacker (known as a botmaster or C2 operator) without their owners' knowledge.
How a Botnet Forms
- Infection: Malware (bot) infects devices via phishing, exploits, or brute-force attacks on weak passwords
- Communication: Infected device connects to the attacker’s Command & Control (C2) server
- Control: Botmaster can control thousands or millions of devices simultaneously
- Abuse: The botmaster deploys the bots in a coordinated way against chosen targets (see the uses below)
Common Uses
- DDoS attacks: Simultaneous requests from millions of IP addresses overload the target server.
- Spam campaigns: Millions of phishing emails are sent from thousands of different IP addresses, making them harder to block.
- Credential stuffing: Automated testing of stolen password lists against login portals.
- Crypto mining: The computing power of infected devices is used for mining without the owner's knowledge.
- Proxy networks: Infected devices relay traffic to conceal the true origin of attacks.
- Ransomware distribution: Botnets serve as infrastructure for initial access, which Initial Access Brokers then resell to ransomware operators.
Known botnets
- Mirai (2016): Infected IoT devices with default passwords; 620 Gbps DDoS attack on Krebs on Security
- Emotet: Banking Trojan that evolved into one of the most dangerous botnet networks (disbanded in 2021, returned in 2022)
- Qakbot: Long-running botnet, regularly taken down by law enforcement agencies
Detection and Protection
- Endpoint detection: Unusual network connections, high CPU load without an explainable process, EDR alerts.
- Network detection: Connections to known C2 server IPs (threat intel feeds) and unusual communication patterns, in particular regular beacon connections in which a host checks in with the same destination at a fixed interval.
- Prevention: Strong, non-default passwords (especially for IoT devices), regular updates, network segmentation, and an EDR solution.
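The two network-detection signals above, a destination on a threat intel list and timer-driven beaconing, can be checked with a few lines over connection logs. The following Python script is an added example and is not part of the original glossary entry; it assumes a simple flow-log format of `timestamp src_ip dst_ip dst_port bytes_out`, and both the "threat intel feed" and the log lines are constructed with documentation-range IP addresses, not real indicators. Beaconing is scored as the coefficient of variation (standard deviation divided by mean) of the gaps between consecutive connections from one host to one destination: human browsing produces irregular gaps, a bot's check-in timer produces nearly constant ones.

```python
"""Beacon and C2-destination detection over constructed connection logs.

Added example, not from the original page. Assumed log format per line:
    <ISO timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>
The intel list and log lines are constructed (RFC 5737 documentation
addresses) and are not real indicators of compromise.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed "threat intel feed": a placeholder C2 address, not a real IoC.
KNOWN_C2_IPS = {"203.0.113.45"}

# Constructed log: 10.0.0.5 checks in with 198.51.100.7 every ~60 s (bot-like),
# 10.0.0.9 contacts the listed "C2" address once, and 10.0.0.7 browses with
# irregular timing (benign-looking).
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 198.51.100.7 443 412
2024-05-01T10:01:00 10.0.0.5 198.51.100.7 443 410
2024-05-01T10:02:01 10.0.0.5 198.51.100.7 443 415
2024-05-01T10:03:00 10.0.0.5 198.51.100.7 443 411
2024-05-01T10:04:00 10.0.0.5 198.51.100.7 443 409
2024-05-01T10:05:01 10.0.0.5 198.51.100.7 443 413
2024-05-01T10:00:12 10.0.0.9 203.0.113.45 8080 1024
2024-05-01T10:00:03 10.0.0.7 192.0.2.10 443 5000
2024-05-01T10:00:40 10.0.0.7 192.0.2.11 443 12000
2024-05-01T10:07:15 10.0.0.7 192.0.2.10 443 800
2024-05-01T10:21:02 10.0.0.7 192.0.2.12 80 300
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port, bytes_out) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port), int(nbytes)))
    return records


def c2_ip_hits(records, c2_ips=KNOWN_C2_IPS):
    """Return sorted (src, dst) pairs whose destination is on the intel list."""
    return sorted({(src, dst) for _, src, dst, _, _ in records if dst in c2_ips})


def beacon_candidates(records, min_connections=5, max_jitter=0.1):
    """Flag (src, dst) pairs whose inter-connection gaps are nearly constant.

    Jitter is the coefficient of variation (pstdev / mean) of the gaps between
    consecutive connections. Pairs with fewer than min_connections events are
    skipped so that a handful of coincidental hits does not trigger an alert.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _, _ in records:
        by_pair[(src, dst)].append(ts)

    findings = []
    for pair, times in by_pair.items():
        if len(times) < min_connections:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else 0.0
        if cv <= max_jitter:
            findings.append({
                "pair": pair,
                "interval_s": round(avg, 1),
                "jitter": round(cv, 3),
                "count": len(times),
            })
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for hit in c2_ip_hits(recs):
        print("known C2 destination contacted:", hit)
    for finding in beacon_candidates(recs):
        print("beacon candidate:", finding)
```

On the constructed log this reports one intel-list hit (10.0.0.9 to 203.0.113.45) and one beacon candidate (10.0.0.5 to 198.51.100.7, interval about 60 s, jitter around 1%). Real bots often add deliberate jitter to their check-in timer, so in production the `max_jitter` threshold and `min_connections` floor need tuning against a baseline of the environment's normal traffic, and the result should be treated as a lead for triage rather than a verdict.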
Botnet takedowns are carried out by law enforcement agencies (e.g., Europol, FBI, BSI) in collaboration with internet service providers and security researchers.