Are you a Member of a Botnet?

Posted by Geraldine Hunt on Mon, Apr 29th, 2019

You might indirectly be a member of a club that is so secret, you probably don’t even know it.  Ironically these clubs aren’t very discriminatory inducting new members.  They will take anyone they can because, when it comes to membership they are all about quantity, not quality.  So how might you indirectly be a member?  Because they are actively recruiting devices such as your laptop, internet router, webcam or IoT device.  In fact, your IoT wearable could even be a member!

What is a Botnet and what is its purpose?

A botnet is simply a collection of any type of internet connected device that has been compromised and taken control of by an intruder.  Through a command and control center, a single hacker can control hundreds of thousands of devices across the world.  They aren’t controlling these devices separately, but collectively as a single unit that acts in a coordinated fashion.  Botnets are used to perform nefarious actions such as Distributed Denial of Service attacks (DDoS).  The idea is that a hacker can’t generate enough garbage traffic himself to negatively impact a network target, but a large botnet of devices operating in synchronized fashion can generate a great deal. 

This was exemplified in the infamous Dyn attack that targeted one of the largest DNS providers in the United States.  This massive DDoS attack was able to disrupt the Internet throughout large portions of the United States that in-turn impacted the operations of companies like Amazon and Netflix.  This was accomplished by having Botnet members continually issue DNS queries until the DNS servers were overloaded and successfully brought down.  What also makes botnet attacks difficult to stop is that the generated traffic is launched from multiple areas of the world so a victimized domain can’t simply block an IP address or two.

However, DDoS isn’t the only use for Botnets.  They are also used for high volume spamming, data collection, spying, crypto mining, and credential stuffing attacks to name a few.  Botnets don’t always have to incorporate hardware devices either.  One example is a Twitter botnet discovered two years ago that consisted of 350,000 bot accounts.  One of the primary purposes of the botnet is to create fake trending topics in attempts to sway public opinion.  The bots were also used to send spam and assist in social media attacks. 

How does a device become a bot?

Most botnets are continually trying to grow, but membership isn’t voluntary.  Botnet members (Bots) often troll for new prospects through automated scanning processes seeking out devices with prescribed vulnerabilities.  For instance, the most famous botnet to date is called Mirai, which remains one of the most active botnets as well.  Essentially, it is a form of malware that can be installed on any computer or device running the Linux open-source operating system.  The Mirai botnet consists of devices with two key exposures: 

• The device left telnet enabled (which is never recommended for any device)
• The user of the device has never bothered to change its default admin credentials

By leaving an IoT device open to the telnet protocol, hackers have a way to access the device.  Because the default admin credentials of nearly any internet device are listed on the Internet, an unsecured IoT device is basically an open invitation for a Botnet to enter in and take over.  The bot herder then downloads some type of payload depending on the device and once installed, the device is ready to take instructions.

What if your device is a bot?

If you are starting to wonder if some of your own devices are operating as bots, consider that bot membership isn’t easy to confirm.  A bot herder doesn’t want to risk exposing his soldiers, therefore bot activity tends to remain inconspicuous until the bots are needed.  For a Windows device, one can monitor their Task Manager for processes that look suspicious.  Infected devices can suffer direct damage through CPU burnout, but for the most part, the ancillary cost is the knowledge that someone else is sinisterly controlling your own devices.

What you can do to prevent your devices from becoming bots

Botnets are looking for easy targets, and sadly, there are millions of them out there, maybe billions.  For that reason, it doesn’t take a lot of effort to keep botnet malware away. 

• Change the default admin credentials for any and all internet connected devices.  This is probably the single most effective step you can take.
• Keep all of your devices patched and up to date. 
• Invest in a good router that encases some basic security features.
• Content filtering. This can be implemented to block dangerous sites and unwanted content,  requiring no software on computers or devices.
• Malware and phishing blocking. The DNS filter will block sites containing viruses, scams and other dangerous content. Powerful email security is also an important security layer as large scale phishing attacks are regularly used to convince unsuspecting users to click on something that will launch a botnet malware attack upon their network.

A botnet is one club you DON’T want to be a member of.  It’s a club that finds you, but with a few basic steps, you can clearly let today’s botnets know that your devices are not interested in joining.