The Click Fraud Blog | ClickCease
what is a botnet and how does it work?

Botnets: What Are They and Should I Be Worried?

Although the singularity hasn’t happened for real, yet, if it ever does happen it’ll probably be some bastardised offspring of botnets. Botnets are currently everywhere and are responsible for a huge amount of internet traffic, with estimates putting the figure at around 50%. But what is a botnet? Why are they so ubiquitous and are they going to steal my job one day?

OK, botnets might not be after your job, but they are quite likely after your money, login details and maybe even access to your computer or portable device. 

This might make the whole botnet setup sounds quite menacing, which if you’re doing anything sensitive online, it kinda is. And if you’re looking at how to detect botnets, or protect yourself against these cyber threats, you need to know what they are and how they work.

What is a botnet?

botnet army
Probably not what a botnet looks like

Very simply, a botnet is a network of computers that are running a piece of software which is, in this instance, a bot. Short for robot, these bots can perform tasks ranging from the relatively simple to quite complex intrusions.

A botnet might be a room full of computers, networked, running the same bot for whatever purpose (often referred to as a click farm). Or, it could be a group of remote devices, infected with a hidden bot (often in the form of a ‘virus’) which can be organised to perform anything from repetitive tasks such as click fraud, or in extreme cases Denial of Service attacks (DDoS attacks).

An example of one of the biggest botnets uncovered at the time is Srizbi, which is thought to have been responsible for more than half the internet spam in 2008. With access to over 450,000 networked devices, Srizbi was capable of sending 60 million spam messages a day! 

Often capable of self perpetuating themselves, botnets often spread their digital tentacles wider though hidden code in links, websites, software downloads and email attachments. A popular method is using a link in an email, or a free software download from a sketchy site. 

Yup, if you think you’ve found a great website to watch Netflix for free, it’s probably packed full of malicious code and bots. If you don’t want your device to become another link in a huge global network, just pay the subscription!

What is the point of botnets?

It might seem that sending some absurd amount of spam per day is just a waste of everybody’s time. But of course, why bother doing it if there is nothing to be gained? In the case of spam bots, it’s a numbers game, with even one bite having the potential to be a tidy earner for your hacker. Who, by the way, isn’t some dweeb in his mom’s basement, but most likely part of some sophisticated and organised setup.

There was even a study into the spam industry, with findings suggesting that savvy spammers can make $3.5 million a month. That’s a tidy amount, no question. Especially if you do live in your mom’s basement.

Fraud botnets

One of the most sophisticated botnets of recent years, 3ve, shows how the botnet has evolved. Often held up as the successful botnet example of a hugely profitable fraud network, 3ve used a network of around 1.7 million computers to collect the payout on ad views on fraudulent websites. 

Still one of the most incredible examples of ad fraud, 3ve was thought to have cost advertisers around $29 million. Other botnet examples that have seen prolific click fraud and ad fraud are Methbot and HyphBot. These sneaky bots were used to watch video ads across the Google and Microsoft display ad networks and collect the payout for organised criminal gangs.

In 2019, we saw botnets expand into Facebook ads, with a very sophisticated click fraud operation. Although it was taken down (and the creators currently being taken to court by Facebook), you can bet that there are more of the same waiting in the wings. After all, click fraud is a very lucrative business for those who know how.

DDoS botnets

Are botnets all about money? Well, no. DDoS attacks are another way that these bots can be leveraged to do the bidding of the evil Mr or Ms X. What is a DDoS attack, you ask?

In February 2020, Iran fell victim to a DDoS attack which reduced the internet capacity in that country by up to 75%. And this isn’t the first time that this has happened, with DDoS attacks knocking out the internet infrastructure in some of America’s biggest banks, the Iranian nuclear research program and Hong Kong’s democracy movement.

These DDoS attacks are often done to damage software infrastructure, undermine authority, intimidate or even steal information from the country under attack. As such, they are very often politically motivated (however not always), although no country has yet claimed responsibility for a DDoS botnet attack.

Social Network botnets

Fake news is powered by botnets

Thanks to the current POTUS, the term Fake News has become mainstream. In fact, the growth of fake news and spreading of disinformation via social networks is often handled by a network of bots. 

Fake news botnets have grown in sophistication over the years, with many attributing the rise of the alt-right to their proliferation. When it comes to social media and fake news, how do these botnets work?

Old school social media and fake news bots would most likely repost content, or reshare posts under specific hashtags. Worryingly, it was found in a study into the 2016 US presidential election that social media posts which contained misleading or incorrect stories were shared more widely and reached a bigger audience. 

Modern bot accounts are slightly more sophisticated, with a degree of interaction which can sometimes make them seem like a real person. In fact, these bot accounts known as cyborgs, may have a real person take the helm for a while to do a spot of recreational trolling. 

How to protect against botnets?

Staying safe online is increasingly becoming a key issue, not just for businesses but for individuals too. When it comes to protecting yourself against botnets, there are a few things you can do to minimise your exposure.

First up, minimise your exposure by making your surfing habits a little more secure. Free downloads of expensive software, some free VPNs, peer to peer file sharing, pornography and low grade spam sites should be avoided. Sorry about that.

Stay updated

Be sure to keep your devices up to date with the latest security patches. Botnets often work by exploiting weaknesses in software, so check updates for both your operating system and the software you use regularly. 

Be choosy with your apps

There are a lot of apps out there, and some of them are full of holes (sometimes on purpose). Apps can be full of malware, with the recent case of the Facebook click fraud apps being a battery cleaner, workout app and even a calculator. Stick to apps you know you can trust.

Attachments from trusted sources

Malware is often spread through downloads and attachments in emails, so be careful what you download. Be aware also that even a trusted sender might have been compromised, so if they’ve sent you a file that you’re not expecting, perhaps ask them first (y’know, Whatsapp them or something).

Extensions and VPNs

Browser extensions can be another source of malware, as can VPNs (virtual private networks). As these are pieces of software used for doing whatever you need to do online, they’re obviously very tempting channels for those botnet developers. Again, use only trusted software and choose super secure (and unique) passwords.

Don’t click that link!

An email from your bank telling you to reset your password? You need to verify your Apple ID to access your app store? Classic phishing which is also a classic way to pop some malware on your device. Ignore the email and go direct to the source, and see if you can login. You’ll probably find everything is fine.

Anti-click fraud software

If you’re running an online ad campaign, you might be wondering how to protect PPC ads against fraudulent botnets. Anti-click fraud software such as ClickCease is proven to be the best way to detect botnet activity, and prevent fraud on your paid ads. Don’t just take our word for it, try it out for free

bots are becoming more sophisticated
“Bow before your overlord. And watch these display ads…”

So, should I be worried about botnets?

The botnet is a very real threat, especially if you’re handling sensitive data or spending money online. Each year sees a more sophisticated development and the traffic keeps on growing. For every 3ve or Methbot that is taken down, another as yet unseen network of bots takes its place in this highly lucrative world.

By taking precautions online, you can limit your exposure to most types of fraudulent activity. Being aware of what kind of bot is out there and how botnets work and develop is another way to keep up with the developments. 

If you’re running a PPC ad campaign online, bear in mind that around 25% of all clicks on paid ads are fraudulent. Find out for yourself how ClickCease can proactively detect botnet activity, and protect against ad fraud and click fraud, with our 14 day free trial.

Oli

Since working for ClickCease, Oli has become something of a click fraud nerd, and now bores people at parties with facts about click farms and internet traffic stats. When not writing about ad fraud, he helps companies to optimise their marketing content and strategy with his own content marketing business.

Add comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Block click fraud from ruining your campaign!

Most discussed