Botnets: Turning Your Computer Into a Double Agent

If you’ve listened to the news in the last few years, you’ve likely heard the term botnet, though you may not be fully aware of what one is. In essence, a botnet is built from a kind of malware that infects as many machines as possible but, unlike Cryptolocker or adware, then does its best to hide. It doesn’t want you, your antivirus, or your IT to find it.

One of the ways they hide is by staying small. They download an innocuous-looking application that doesn’t appear to do…anything. It just runs in the background, sits there, and occasionally reaches out to an internet server (which is something any application that can update itself does). Essentially, they’re holding open the door. Depending on the botnet variant, they can remain dormant for hours to months, but eventually they check in with their command and control server, and that’s when the real activity happens.

Most botnets have several command and control servers, which are also compromised machines that act as the heads of botnet masses. They respond to requests from all of the nodes scattered throughout the internet and give them the malicious instructions and code, whether that means looking for other vulnerabilities on the network, finding valuable documents, mining cryptocurrency, or attacking a specific site all at once to overwhelm it and knock it off the internet.

How do you counteract them? The same way as other threats: Have a firewall, use AV software, and if you spot something on your machine doing something you’ve never seen before (especially if you notice your machine behaving much slower than usual), inform your local tech person or favorite Bird!
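The periodic check-in described above is something a firewall or proxy log can reveal. The following is an added example, not part of the original article: it flags source/destination pairs that connect at suspiciously regular intervals. The log format, host names, addresses and thresholds are all constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample log: "<epoch seconds> <source host> <destination:port>"
SAMPLE_LOG = """\
1700000000 ws-12 203.0.113.50:443
1700000410 ws-12 198.51.100.7:443
1700000500 ws-07 198.51.100.7:443
1700003598 ws-12 203.0.113.50:443
1700003700 ws-12 198.51.100.7:443
1700007203 ws-12 203.0.113.50:443
1700009000 ws-12 198.51.100.7:443
1700010801 ws-12 203.0.113.50:443
1700011000 ws-12 198.51.100.7:443
1700014399 ws-12 203.0.113.50:443
1700018002 ws-12 203.0.113.50:443
1700030000 ws-12 198.51.100.7:443
1700040000 ws-12 198.51.100.7:443
1700086400 ws-07 198.51.100.7:443
"""

def find_beacons(log_text, min_events=6, max_cv=0.1):
    """Return (source, destination, mean interval in seconds) for pairs whose
    connection gaps are nearly constant (low coefficient of variation)."""
    times = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue  # skip malformed lines
        times[(parts[1], parts[2])].append(int(parts[0]))
    hits = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean <= 0:
            continue
        # Human-driven traffic has widely varying gaps; a timer does not.
        if statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((src, dst, round(mean)))
    return sorted(hits)

if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"{src} -> {dst} roughly every {interval}s")
```

A hit is a lead, not a verdict: legitimate updaters check in on a timer too, so compare flagged destinations against the software you know is installed.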