
Botnet

A combination of the words robot and network, a botnet is a group of compromised computers (the "bots") that receive instructions from, and report back to, one or more command-and-control (C&C) servers; in some designs the bots also communicate directly with each other.

In information security, bots are computers whose security defenses have been breached. They are running malicious software that enables a third party to control them without the consent of the computer's owner or legitimate operator. Home computers are often compromised in this way, but bots have also been found on school, business and government-owned computers, and in some cases the bots are compromised servers rather than desktops. For example, ESET researchers discovered a large and sophisticated operation named "Windigo", in which an organized group of criminals compromised over 25,000 unique Linux and UNIX servers.

Botnets are typically used to generate spam, spread other malware (including copies of themselves) or flood a network or web server with excessive requests from many bots at once so that it fails (a distributed denial of service attack, DDoS). Botnets have also been used for phishing, transferring stolen data, and other financial crimes.

The largest botnets consist of millions of computers and pose a serious threat. According to industry estimates quoted by Joseph Demarest, Assistant Director of FBI’s Cyber Division, during his statement before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism on July 15, 2014, botnets have caused over $9 billion in losses to US victims and over $110 billion in losses globally. Approximately 500 million computers are infected globally each year.

For this reason, national and international law enforcement agencies work with leading security companies to disrupt botnets by seizing their C&C servers and domains. An example of one such disruption was the joint action of numerous law enforcement agencies and security companies, including the FBI, Interpol, Europol, Microsoft, and ESET, against the Dorkbot botnets in December 2015.

ESET uses Botnet Protection technology that inspects outgoing network communications for known malicious patterns (for example, the traffic a bot sends when contacting its C&C server) and matches the remote destination against a blacklist of known malicious sites. Any malicious communication detected is blocked and reported to the user, and optionally to ESET.
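The two checks described above, a destination blacklist and pattern matching on the outgoing payload, are shown below in a small added example. It is illustrative code written for this page, not ESET's Botnet Protection implementation: the blocklist entries, the two payload signatures, the hostnames, the addresses (taken from the RFC 5737 documentation ranges) and the sample connections are all constructed for the example, and the function and class names are arbitrary.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import Optional

# Constructed blocklist for illustration only; these are not real indicators.
BLOCKED_DOMAINS = {"cnc.example", "updates.bad-example.net"}
BLOCKED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]  # TEST-NET-3

# Constructed payload signatures standing in for "known malicious patterns":
# an IRC bot joining with a generated nick, and an HTTP check-in to a gate script.
SIGNATURES = {
    "irc-bot-join": re.compile(rb"^(NICK|USER) [a-z]{3}-\d{4,6}\b", re.I),
    "http-beacon": re.compile(
        rb"^GET /gate\.php\?id=[0-9a-f]{16}&ver=\d+ HTTP/1\.[01]", re.I),
}


@dataclass
class Flow:
    dst_host: str    # hostname or IP literal the client connected to
    dst_port: int
    payload: bytes   # first bytes the client sent on the connection


@dataclass
class Verdict:
    blocked: bool
    reason: str


def host_is_blocked(host: str) -> bool:
    """True if the destination is a blocklisted domain (or a subdomain of
    one) or an address inside a blocklisted network."""
    h = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(h)
    except ValueError:
        # Hostname: require a label-aligned match so "cnc.example.com"
        # does not match the entry "cnc.example".
        return any(h == d or h.endswith("." + d) for d in BLOCKED_DOMAINS)
    return any(addr in net for net in BLOCKED_NETWORKS)


def match_signature(payload: bytes) -> Optional[str]:
    """Return the name of the first signature the payload matches, or None."""
    for name, rx in SIGNATURES.items():
        if rx.search(payload):
            return name
    return None


def inspect(flow: Flow) -> Verdict:
    """Destination check first (cheap), then payload pattern check."""
    if host_is_blocked(flow.dst_host):
        return Verdict(True, f"destination {flow.dst_host} is blocklisted")
    sig = match_signature(flow.payload)
    if sig is not None:
        return Verdict(True, f"payload matched '{sig}' on port {flow.dst_port}")
    return Verdict(False, "no match")


# Constructed sample outbound connections: one benign TLS handshake, one
# contact to a blocklisted domain, one IRC join and one HTTP beacon to
# destinations that are not blocklisted (only the payload gives them away).
SAMPLE_FLOWS = [
    Flow("www.example.org", 443, b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4"),
    Flow("beacon.cnc.example", 8080, b"GET / HTTP/1.1\r\n"),
    Flow("198.51.100.7", 6667, b"NICK usa-48213\r\nUSER usa 0 * :usa\r\n"),
    Flow("192.0.2.10", 80,
         b"GET /gate.php?id=0123456789abcdef&ver=3 HTTP/1.1\r\n"),
]


def scan(flows=SAMPLE_FLOWS):
    """Inspect each flow and return (destination, verdict) pairs."""
    return [(f.dst_host, inspect(f)) for f in flows]


if __name__ == "__main__":
    for host, verdict in scan():
        action = "BLOCK " if verdict.blocked else "allow "
        print(f"{action}{host:<22} {verdict.reason}")
```

The order of the checks matters in practice: the destination lookup is cheap and catches known C&C hosts regardless of protocol, while the payload patterns catch bots talking to infrastructure that is not yet on any list. Both are signature-based, so a new C&C domain with a novel protocol matches neither until the indicators are updated, which is why such blocklists are refreshed continuously.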