What Is a Botnet & What Does It Do?

Botnet Definition

The definition of the term botnet is a network of internet-connected devices that are infected and remotely controlled by malware. The word botnet is a shortened, combined version of “robot network.” The word robot, in this case, refers to a robotic device like a computer that’s connected to other robotic devices within a communication network like a local area network (LAN) or the internet. Infected devices that are part of botnets can also be called zombie computers, since they mindlessly carry out the commands of the attacker that’s coordinating the action.

Microsoft Defender

Stay safer online with one easy-to-use app<sup>1

1</sup>Microsoft 365 Personal or Family subscription required; app available as separate download

Learn more

How Does a Botnet Work?

A botnet occurs when an attacker, called a bot-herder, takes control of a network of computers and infects them with malware. A botnet enables a single attacker to use a centrally controlled network of multiple devices to carry out a coordinated cyber-attack. Coordinated botnet actions can include mass email spam campaigns, financial breaches, information theft, and others. For a cybercriminal, the benefit of a botnet is the ability to carry out large-scale attacks that employ millions of bots, which are not possible using malware on individual devices.

The first step in orchestrating a botnet attack is to identify an exploitable vulnerability in a system. After the attacker has identified a security breach, they’ll infect devices with botnet malware. Device infection often takes the form of a user-downloaded virus. After the malware successfully infects a device, the attacker can consolidate the affected devices into a centrally-controlled network of connected devices—a botnet—which is then used to carry out cyberattacks.

What Kinds of Devices Can Be Part of a Botnet?

Botnets can encompass a number of devices beyond computers. Devices that may be vulnerable can include:

• Desktop and laptop computers. Personal computers are historically popular targets for attackers building botnets.
• Internet of Things (IoT) devices. Wearable tech like fitness trackers or smartwatches, smart home devices such as security cameras, speakers, thermostats, or entertainment devices, and in-vehicle infotainment technologies can all become networked bots.
• Mobile devices. Smartphones and tablets that use the internet may be targeted in botnet construction.
• Servers and other Internet infrastructure hardware. Network routers, web servers, and hardware that enables internet connection are all potential targets.

Types of Botnet Attacks

Botnets can be used for a number of criminal ends, including stealing money or confidential information, taking websites offline and disrupting service, illicit cryptocurrency mining, and other scams. Common types of botnet attacks include the following:

• Phishing scams. A botnet may orchestrate a large-scale campaign within an organization or network of users to steal confidential information like passwords and credentials.
• Distributed Denial-of-Service (DDoS). A DDoS attack uses web traffic to overload and crash a server, causing a website to be taken down for a period of time.

How to Protect Against Botnets

Most protective measures against botnets need to be taken at a manufacturing or enterprise level. By deploying strong user authentication methods, advancing behavioral analysis to flag usual behavior, and taking security measures around firmware updates, manufacturers and enterprises can help prevent vulnerability. If you’re concerned about your devices becoming targeted in botnet construction or other types of cyberattacks, make sure you’re taking proper cybersecurity measures to protect your data.