What is a botnet?

Botnets (computer zombies) are networks of infected computers, often used to perform malicious activity, such as a DDoS (Distributed Denial-of-Service) attack.


Many different malware families are dedicated to building botnets, but their principle of operation is roughly the same. Devices are initially infected via emails, internet links, or security vulnerabilities in browsers or other programs. The infected system then contacts the Command and Control (C&C) server and receives a list of commands.
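The contact between an infected system and its C&C server is also what defenders look for in outbound connection logs. The following is an added example, not part of the original article: it flags source/destination pairs whose connections are almost evenly spaced, on the assumption that the bot checks in for commands at a fixed interval. The log format, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: "epoch_seconds source_ip destination_ip", one outbound connection per line.
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.10
1013 10.0.0.7 198.51.100.20
1060 10.0.0.5 203.0.113.10
1075 10.0.0.7 198.51.100.20
1121 10.0.0.5 203.0.113.10
1180 10.0.0.5 203.0.113.10
1190 10.0.0.7 198.51.100.20
1239 10.0.0.5 203.0.113.10
1300 10.0.0.5 203.0.113.10
1302 10.0.0.7 198.51.100.20
1361 10.0.0.5 203.0.113.10
1650 10.0.0.7 198.51.100.20
1700 10.0.0.7 198.51.100.20
"""

def parse(log_text):
    """Yield (timestamp, src, dst) tuples, skipping blank or malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0].isdigit():
            yield int(parts[0]), parts[1], parts[2]

def find_beacons(records, min_events=6, max_cv=0.1):
    """Return (src, dst, mean_gap, cv) for pairs whose connection gaps are near-constant."""
    by_pair = defaultdict(list)
    for ts, src, dst in records:
        by_pair[(src, dst)].append(ts)
    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means evenly spaced connections.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((src, dst, round(avg, 1), round(cv, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, gap, cv in find_beacons(parse(SAMPLE_LOG)):
        print(f"{src} -> {dst}: every ~{gap}s (cv={cv})")
```

A hit is a lead for investigation, not proof of infection: legitimate update checks and monitoring agents also connect at fixed intervals, and a bot that randomizes its check-in timing will not match.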

Botnet tasks may vary in some cases but they usually focus on stealing online banking credentials, logging keystrokes, sending spam, and DDoS attacks.

It’s difficult to say how many botnets there are and how big they are. A botnet could contain as few as a hundred computers or as many as a couple of million. It is believed that one in 600 computers is or has been part of a botnet.

Botnet usage

Cyber criminals use computer zombie networks for various criminal purposes. The main ones are:

  • Sending junk email (spam). This is one of the most common and simplest ways a botnet is used. According to reports, more than 80% of spam emails are sent via botnets.
  • Cyber blackmail. Botnets are widely used to execute DDoS attacks. During such an attack, the network of infected computers sends a large number of queries to targeted servers on the Internet. Due to the increased server load, the service being attacked becomes inaccessible to users. Criminals demand money in exchange for stopping the attack.
  • Botnet sale and rent. One way to illegally earn money is to sell or rent botnets to third parties.
  • Phishing. Hosting phishing pages on computers in a botnet allows cyber crooks to quickly change the websites’ locations, which lets the pages run for longer periods of time as they avoid access blocking.
  • Confidential data theft. Stolen passwords are transferred or used for mass infection of web pages, and stolen bank account credentials are used for money laundering, creating direct financial benefits for the persons controlling the zombie network.
  • Distributed calculations. A computer zombie network can serve as one big supercomputer for various types of calculations, from password guessing to other resource-intensive calculations.

This is not a complete list of the ways botnets can be used, but it outlines their main purposes. Botnets are also used for political purposes, to carry out attacks against individual states’ Internet infrastructure.

Botnet examples:

  • BredoLab botnet with 30 million infected computers;
  • Mariposa botnet with 12 million infected computers;
  • Conficker botnet with 10.5 million infected computers;
  • TDL4 botnet with 4.5 million infected computers.