All You Need To Know About Botnets

Even if you haven’t heard of botnets, you’ll almost certainly be familiar with the havoc they can cause. Cybercriminals use them to perpetrate mass-scale data theft, bombard people with spam or force entire networks offline in high-profile Distributed Denial of Service (DDoS) attacks. Worryingly, today’s burgeoning volume of internet-enabled domestic devices is making bot networks far easier to assemble and control…

United by fate

A botnet comprises a network of computers or digital devices, all infected with malicious software (known as malware) that enables remote users to harness their processing power and internet connections. The largest network yet recorded (BredoLab) combined the resources of 30 million computers into an email spam network, distributing messages with malware attachments capable of placing the resources of infected devices at the hackers’ disposal.
Other networks can have more sinister intentions than simply hogging processing power:

  • DDoS attacks force services offline when servers receive massive traffic volumes.
  • Bot networks can harvest financial data, such as login credentials for online banking.
  • Vast amounts of personal information can be stolen for identity fraud purposes.
  • Networks may undertake illicit large-scale mining of digital currencies like Bitcoin.


One of the most common reasons for assembling a botnet involves distributing spam emails. Srizbi was estimated to have sent 60% of the world’s spam messages at one stage, while Cutwail was firing out a million junk messages per minute at its peak. Back in 2010, email’s future looked perilous as a handful of computer networks threatened to drown legitimate communications in a sea of spam.
Depressingly, this battle is still ongoing. Spam volumes hit two-year highs in summer 2017, accounting for almost 55% of global email messages. There are around 60 million different types of malware emails presently in circulation, each posing a slightly different threat. From tech support to charity requests, consumers have to approach any unsolicited message from an unknown person with considerable caution. And this trepidation is having a damaging effect on legitimate activities, including email marketing.

The enemy within

If all this seems a world away from your beloved iMac or Chromebook, it’s unfortunately closer to home than you might think. Hackers are enthusiastically embracing a new front in our homes and workplaces, with an estimated 8.4 billion connected devices comprising the Internet of Things. From app-controlled toys to ‘smart’ kitchen devices, any machine with internet connectivity can be incorporated into a botnet. Basic products like web-enabled bathroom scales and CCTV cameras are ripe for subjugation, with low pricing and limited processor capacity meaning they rarely have security integrated as standard. Even if they do, the latest Reaper botnet can get past flimsy defenses and weak passwords, many of which are still manufacturer defaults like ‘1234’.
With the number of IoT-enabled devices expected to hit 20 billion by 2020, this represents a quantum leap in terms of the processing power available to cybercriminals. Meanwhile, IoT hardware manufacturers seem oblivious to these unfolding dangers, forcing consumers to protect themselves.

Here are the steps individuals need to take to avoid their computers or web-enabled devices falling under the malign influence of a bot:

  • Until manufacturers take these risks more seriously, try to avoid purchasing hardware without any built-in security.
  • Use sophisticated antivirus software on every desktop and portable computer, tablet or smartphone – the Android OS in particular is increasingly being targeted by hackers.
  • Install dedicated IoT security like BullGuard’s Dojo, which protects all Wi-Fi-enabled devices against malware or viruses.
  • Deploy a firewall and/or a proxy server for your network. These complex barriers make it far harder for criminals to gain access.
  • Reset any passwords on IoT devices. If the password is ‘password’, or anything equally obvious, change it!