A botnet is a network of zombie computers controlled by a single entity. The term is a portmanteau of the phrase "Robot Network". Usually, the zombies in a botnet are compromised computers running the Microsoft Windows operating system that have been infected with some sort of malware. These computers communicate with other botnet machines via the Internet. Most botnets are distributed-design systems, with the botnet operator giving instructions to only a small number of machines. These machines then propagate the instructions to other compromised machines, usually via IRC. The distributed design prevents the discovery of the controlling computers. The anonymity that a botnet affords often helps the operator avoid detection and possible prosecution.
Botnets are effective in performing tasks that would be impossible given only a single computer, a single IP address, or a single Internet connection. Originally, botnets were used for performing distributed denial of service (DDoS) attacks. However, most modern web servers have developed strategies to combat such DDoS attacks, making this use of a botnet ineffective. Additionally, many counter-DDoS strategies blacklist the IP addresses of attacking computers, thus exposing the botnet's machines. As the spam market has become profitable, and ISPs usually discontinue service to subscribers who send spam, botnets were found to be an effective resource for sending spam. Furthermore, many compromised computers contain address books of email addresses, which can be incorporated into the list of addresses to send spam to. Zombies that are not actively sending spam at any point in time can be configured to scrape the web looking for new email addresses to spam, adding further value to the botnet.
A secondary objective of the botnet is to find and compromise additional computers. While this is not considered a primary objective in and of itself, the expansion of the botnet via assimilation of new computers helps it perform the primary objectives more efficiently. Thus, this secondary objective is often the bulk of a botnet's tasks. Many computer networks, especially those using Microsoft Windows computers running the default settings, inherently trust other computers on the same network. Thus, a single compromised machine on such a network constitutes an attack vector against other machines on the network. Other secondary botnet objectives include website advertisement clicking, web browser toolbar installations, keylogging, and social bookmarking poll manipulation.
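The behaviours described above (instructions relayed over IRC, spam sent straight from zombies, and spreading to neighbouring machines on a trusting network) leave traces in network flow records. The following added example, which is not part of the original article, flags internal hosts that show those patterns; the address range, mail relay, port lists, threshold and sample flows are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed values for this example (none come from the article).
INTERNAL = ip_network("10.0.0.0/8")
MAIL_RELAYS = {"10.0.0.25"}      # hosts expected to send SMTP outbound
IRC_PORTS = {6667, 6697}
LATERAL_PORTS = {135, 139, 445}  # Windows RPC / file-sharing services
FANOUT = 3                       # distinct peers before a host is flagged

def zombie_indicators(flows):
    """Map each internal source IP to the sorted indicators it triggers."""
    irc, smtp, lateral = set(), defaultdict(set), defaultdict(set)
    for src, dst, port in flows:
        if ip_address(src) not in INTERNAL:
            continue
        dst_internal = ip_address(dst) in INTERNAL
        if port in IRC_PORTS and not dst_internal:
            irc.add(src)                  # possible command channel
        elif port == 25 and not dst_internal and src not in MAIL_RELAYS:
            smtp[src].add(dst)            # mail sent around the relay
        elif port in LATERAL_PORTS and dst_internal:
            lateral[src].add(dst)         # contacting neighbouring hosts
    findings = defaultdict(list)
    for src in irc:
        findings[src].append("irc-outbound")
    for name, table in (("smtp-fanout", smtp), ("lateral-fanout", lateral)):
        for src, peers in table.items():
            if len(peers) >= FANOUT:      # many distinct peers, not one
                findings[src].append(name)
    return {src: sorted(names) for src, names in findings.items()}

# Constructed sample flows: (src, dst, dst_port). External IPs use
# documentation ranges; 10.0.0.25 is the legitimate mail relay.
SAMPLE_FLOWS = (
    [("10.0.1.15", "198.51.100.7", 6667)]
    + [("10.0.1.15", f"203.0.113.{n}", 25) for n in (10, 11, 12)]
    + [("10.0.1.15", f"10.0.1.{n}", 445) for n in (16, 17, 18)]
    + [("10.0.0.25", f"203.0.113.{n}", 25) for n in (10, 11, 12)]
    + [("10.0.1.20", "10.0.1.21", 445), ("10.0.1.22", "192.0.2.80", 443)]
)

if __name__ == "__main__":
    for host, names in sorted(zombie_indicators(SAMPLE_FLOWS).items()):
        print(host, ", ".join(names))
```

A host that triggers all three indicators at once is a much stronger signal than any one of them alone, since IRC use or a single file-share connection is common on its own.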