Nothing quite strikes fear into the hearts of computer users quite like the word “Virus”. But viruses are only a small subset of malware. In this series, we’ll take a look at the lesser-known but far scarier types of malware. Today, we’re talking about the type of Malware that turns your computer into a mindless zombie that does the bidding of a nefarious villain: The Botnet.
What is a Botnet?
Let’s say you want to be a bit of a jerk to your neighbor Jim, so you send him a bunch of fake letters. There’s nothing of value in these letters, so all you’re doing making Jim’s life more difficult by increasing the amount of junk he has to sort though to find the important bills he needs. This is what’s called a Denial of Service (DoS) attack. You’ve flooded Jim’s attention with sorting though useless requests, thus making his response to important requests much, much slower.
Jim’s caught on that everything from your address is junk, so he sets up a filter to put all your requests straight in the trash. Jim’s back in business!
But being a bit of a jerk isn’t enough for you. No, you want to be the UltimateJerk(tm). So you get all your friends to join in. Then, you make your friends rope in their friends, and their friends rope in even more friends. Before you know it, Jim’s mailbox is physically overflowing with junk every day. Eventually he is getting so many letters that the Postal Service just doesn’t deliver them any more. This is what’s called a Distributed Denial of Service (DDoS) attack. He’s being sent so many requests that every time he blocks one source, twice as many fill it’s spot! Jim’s ability to respond to important requests simply disappears.
This is an example of how malicious actors use botnets. They infect hundreds of thousands of computers with their tiny bots that send junk messages to the network target of their choice.
Why Do Botnets Exist?
While there are certainly instances of malware whose sole purpose is to wreak havoc on computers as a form of cyber terrorism, the primary malware you’ll see is designed to make it’s developer money somehow.
Botnet operators can earn tons of cash by selling their services to people. Sometimes, these botnets are used for petty things, like slowing down an opponent on a multiplayer game, or inflating subscriber counts on YouTube. But sometimes they’re used for downright terrible things like taking down a small website by completely using up monthly bandwidth limits in a matter of minutes, or clogging up the 911 emergency call system.
Operators themselves can shakedown sites and services by demanding payment in exchange for not attacking their systems.
Effects of Botnets on Your Computer
For the most part, Botnets’ sole purpose is to cause problems on someone else’s network, and generally don’t affect your computer too much. After all, if you notice something wrong, you might take the computer offline, which removes you from the villian’s botnet horde.
Since sites will try to block junk traffic from offending sources, you may find your perfectly legitimate website request blocked because a tiny program inadvertently installed on your computer was part of a DDoS attack on that website.
Protecting yourself against botnets is less about self-preservation, and more of a community issue. How would you feel if your computer was part of a plot to extract ransom from a small content creator? Or maybe taking down emergency services for several hours?
How to Protect Yourself From Being a Part of a Botnet
Many times these bots are distributed using malicious code embedded in regular advertisements. All an aspiring botnet operator has to do is buy some ad space, submit a bogus advertisement that includes an exploit of a popular browser or extension, and just wait.
The target doesn’t even have to click anything; just by loading the ad with an unpatched system is enough to run malicious code, exploit the security crack, and infect the computer. Since a botnet really doesn’t modify files or programs on the host computer, it can stay at this surface level without needing to bury itself elsewhere.
First and foremost, make sure your system is completely up to date on it’s software. Botnets usually take advantage of small cracks in security of the most popular software. Make sure your OS has it’s latest security patches, that your browser is the latest version, and that plugins such as Flash Player and Java are up to date. Even better, uninstall both Flash and Java if you don’t need them anymore! While these technologies were vital to the Web Experience a few years ago, most websites don’t need them anymore, making them little more than a useless security risk.
Next, since most of these bots come from ad-based drive-by attacks, an Ad-Blocker like uBlock Origin for Firefox goes a long way to stop this kind of malware. Now, it definitely hurts to recommend this since Joey and I plan to monetize this blog at some point in the future, and that means delivering ads. But until Google and others start doing a better job checking for malicious code embedded in advertisements, I’m going to be using an ad-blocker on my browsers.
It should go without saying that you shouldn’t install things from untrusted sources. If someone’s offering you free emojis for your computer, you should probably avoid it entirely.
BOTNETS are a type of malware used to make operators money by disrupting internet communications for websites and web services alike. Botnets typically aren’t harmful to your computer and it’s files, but are dangerous to the internet as a whole and can cause problems with your computer accessing certain websites. Keep yourself protected by keeping your software up to date and by using an ad blocker to limit exposure to drive-by attacks.