what are botnets

What Are Botnets? (And How Do They Work?)

Sam Carr

Sam Carr

January 21st, 2021

Sam Carr is a content marketer at PPC Protect with 10 years of digital marketing experience. With a keen interest in ad fraud, Sam shares all his insights on the PPC Protect blog.

google invalid clicks report

Most people have never heard of a botnet, and that’s perfectly normal. In fact, there are many people out there who don’t want you to know what a botnet is!

These mysterious networks are nothing but trouble, and the last thing you want is to be involved with one.

You may have heard them mentioned on the news or in articles relating to cybercrime. Known for their negative and criminal association, these botnets have remained a well-guarded secret for decades.

To shed some light on these secret botnet networks, we’re pulling back the curtain and giving you a full in-depth look at what they are, and what they do.

For everyone who’s ever wondered what is a botnet? Here’s what you need to know.

What Is A Botnet?

what is a botnet diagram

To explain it simply, a botnet (also called a robot network) is a network of devices infected by some kind of malicious software (malware or virus) that are controlled by a bot herder.

Botnets have been around since the early 2000s and have grown significantly over the past few decades. A lucrative and profitable business for the shady cybercriminals involved, these botnets can be used for a number of illegal activities which we’ll cover later.

Many of the computers that are part of the botnet network are often unaware they are a part of such a scheme. Nowadays, many antivirus programs will detect this type of malware and remove it or stop it from running. But over the years there has been a constant game of cat and mouse as the cybercriminals try to evade detection by these programs.

As of 2021, there are still plenty of botnets in operation with new ones being created every single month.

Botnet Definition

If that was too long and confusing, then a shorter and simpler formal definition of a botnet can be defined as:

A network of computers and devices infected by malware that are controlled by a bot herder.

Originally botnets were primarily found on desktop computers and laptops, but in recent years, many botnets have also started to include mobile and other internet connected devices (including fridges!).

Now you have a good understanding of what a botnet is, how exactly does it work? And how are they made in the first place?

How Botnets Work

Botnets aren’t just made overnight, they require a range of victim’s computers and devices, often referred to as a zombie computer or slaves. In order to add one of these computers to the botnet, the device must first be infected by malicious software.

A device can become infected in a number of different ways, and cybercriminals are always thinking up new ways to spread their botnet malware. The most common way is sending email attachments, or hiding them in other legitimate software. Most of the time the user won’t know have an infected device unless it’s discovered by antivirus software, but a lot of these botnets actually go undetected for a long time.

Once the botnet herder (also known as the botnet master) has enough devices and computers controlled, they can start to tell them what to do via remote commands.

Who Controls Botnets?

Botnets are often controlled by a single individual or group of people. The botmaster can send commands to the individual devices, instructing them on what to do. This can be anything from visiting a website, executing some code, or trying to infect other computers on the same network.

In most cases, many botnets are often rented out to other cybercriminals to perform a range of different resource intensive tasks which we’ll cover shortly.

The truth is that it is incredibly difficult to find out who the botnet operators are, and many remain anonymous forever. This is primarily because the activities done with a botnet are very often illegal, so the hacker doesn’t want anyone to know who they are.

What Are Botnets Used For?

what are botnets used for

By now you’re probably wondering, why would anyone want to control an army of computers? What exactly do they do with them all?

Well, the truth is, botnets are in high demand and are used by a range of shady criminals from all over the world.

As a distributed network has a lot of power and versatility, these networks can be used for a range of malicious purposes which are often illegal. Instead of just one computer doing all the work, having a botnet army of computers from all over the world can be very beneficial when trying to evade detection.

These infected bots will all have a different IP address, which makes blocking and finding the bot network incredibly hard. By continuing changing their IP address, security software can often struggle to block malicious network traffic.

Here are some of the most popular uses botnets are used for.

DDoS Attacks

One of the most common uses of a botnet is to launch a large scale distributed denial of service attack (DDoS attack). You’ve most likely heard about them in the news and how they can affect any business.

This type of botnet attack is often used to take down websites or servers and cause serious disruption to businesses. In many cases, websites can become inaccessible for a long period of time, causing huge amounts of financial loss and downtime.

Although this doesn’t necessarily make cyber criminals money, the attacker will often blackmail businesses and websites to pay them in order to stop the cyber attack.

Email Spamming

Almost everyone in the world receives some kind of spam email every now and then. Whether they’re promising you 5000 Bitcoins or super cheap Raybans, most of these emails are sent via large botnets.

Traditional emails are sent via one mail server to a list of contacts. But if enough people report the email for spam, then eventually that mail server will get blacklisted, and emails will start going to their spam folder by default.

But by using a large botnet with unique IP addresses, mass sending spam emails can be much more successful in terms of deliverability and open rates.

Ad Fraud

As each computer has its own unique footprint, this makes them perfect for clicking on paid ads. With each click costing advertisers money, botnets can be used to defraud advertisers out of thousands a month.

Another common use for botnets is for them to actually click their own ads. By setting up a website and registering with Google AdSense, cybercriminals can use botnets to click the own ads on their website. Since they get a cut of the revenue from every click, this can be a quick way to make some serious money. Good news for botnet owners, bad news for advertisers who are losing their ad spend to invalid traffic.

Crypto Mining

Ever since the introduction of Bitcoin in 2009, the entire world has been trying to mine as much cryptocurrency as possible. But in order to mine fast, you need a huge network of computers to speed things up… just like a botnet!

By distributing crypto mining malware and programs over a botnet, the owner can utilise the resources of multiple computers and significant speed up the mining process. Not to mention they don’t have to pay for the power, so they’re practically mining money for free!

There has been plenty of crypto mining botnets discovered over the years, and judging by the current price of Bitcoin, they probably made a fortune!

Renting To Hackers

By now you probably have a few good examples of what botnets are used for. But that’s still not everything! Truth be told, botnets can be used for practically anything that requires a lot of IP addresses or computing power.

In addition to the activities and use cases listed above, many cybercriminals will rent out the entire botnet to other individuals for a daily or weekly fee. This means they can practically do whatever they want with the network, which could include other activities such as brute-forcing passwords or even identity theft.

Fighting Back Against Botnets

As you can see, botnets can do serious harm to your business regardless of whether they target your website, ads or emails.

Protecting yourself from DDoS attacks is fairly straightforward with the right botnet detection software, but how do you protect your paid ads that aren’t behind a firewall?

PPC Protect is an advanced click fraud prevention solution that will protect your ads from any botnets, competitors or online scrapers 24 hours a day. Built with enterprise and agency clients in mind, you’ll never lose sleep worrying about who is clicking on your ads again.

Sign up to a free trial of PPC Protect and see how much money you save below.

Get A Free Traffic Audit

Do you know how much of your budget is being spent on invalid clicks? Your campaign performance could be being reduced by as much as 30%. You won’t know until we’ve run our free traffic audit.

Start Your Free Audit

How many invalid clicks do you get on your account?

How much spend is wasted on fraudulent clicks?

Are your competitors wasting your budget?