A combination of the words robot and network, a botnet is a group of computers (the "bots") communicating with each other and/or with their command-and-control (C&C) server(s).

In information security, bots are computers whose security defenses have been breached and are running malicious software that enables a third party to control them without the consent of the computer’s owner or legitimate operator. Most often computers compromised in this way are home computers, but bots have been found in school, business and government owned computers. However, in some cases, the bots are compromised servers. For example, ESET researchers discovered large and sophisticated operation, named "Windigo", in which an organized group of criminals compromised over 25,000 unique Linux and UNIX servers.

Botnets are typically used to generate spam, spread other malware (including copies of themselves) or flood a network or Web server with excessive requests to cause it to fail (denial of service attack, DDoS).  Botnets have also used for phishing, to transfer stolen data and other financial crimes.

The largest botnets consist of millions of computers and pose a serious threat. According to industry estimates quoted by Joseph Demarest, Assistant Director of FBI’s Cyber Division during his statement before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism on July 15, 2014, botnets have caused over $9 billion in losses to U.S. victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year.

For this reason, national and international law enforcement agencies work with leading security companies to disrupt botnets by seizing their C&C servers and domains. An example of one such disruption was the joint action of numerous security agencies including the FBI, Interpol, Europol, Microsoft and ESET against the Dorkbot botnets in December 2015.

ESET uses  Botnet Protection technology that searches outgoing network communications for known malicious patterns and matches the remote site against a blacklist of malicious ones. Any malicious communication detected is blocked reported to the user and optionally to ESET.

Please enable Javascript to ensure correct displaying of this content and refresh this page.