Ever heard the saying “There is no such thing as a stupid question”? – of course you have, what a stupid question. This phrase was most likely meant to encourage people to ask questions. Then again, if you’re like me, if you come across a question as simple as “What is a Botnet?”, you feel a bit stupid for wanting to ask it. As I delve deeper into the wonderful rabbit hole that is Internet security research, I’ve encountered several questions that, while very simple to many of my coworkers and teammates, are confusing to someone like me. And if GI-JOE has taught me anything…
I’m sure you’ve also heard “Education is the first step to success!” As time marches on, and with internet security becoming a bigger and bigger part of our everyday lives, this statement really couldn’t be more relevant – even to the point where I almost want to change it to “Education is the first step to Internet Security.” (Hey marketing, check me out!)
Where was I… Oh yes! BOTNETS! Let’s talk about botnets.
If you look up the definition on Wikipedia, it states that a botnet is a “collection of internet-connected programs communicating with other, similar programs in order to perform tasks.” Welp, thanks Wikipedia, my work here is done. (Kidding!)
Let’s break this down a bit. A botnet is a collection of compromised hosts (the ‘hosts’ being computers. a.k.a. YOUR computer), that are controlled by a single entity, usually through the use of a server known as a botnet controller (or the Mothership as I like to call it). The goal of the botnet is to compromise/infect as many hosts as possible in order to create a large network of hosts (Regularships) that the botnet can then use to spread additional malware or spam, or perform a distributed denial-of-service (DDoS) attack. For example, a botnet can take a website offline by having all of the Regularships attack the website at the same time.
It’s kinda like in that book Ender’s Game when Ender eventually realizes that the alien ships are moving so perfectly in unison because they’re all being controlled by the single ship in the center of the formation.
(p.s. If you’re annoyed by that pseudo spoiler, you shouldn’t be because that’s not even the best part of that book and the whole thing is great.)
The underlying truth here is that unless you purposely installed the malware onto your computer/network, chances are you don’t want it there. This is where Umbrella comes in real handy. Not only do we use our extensive data collection network to create algorithms and classifiers to predict future attacks, we also provide you with the tools to pinpoint which computer (or computers) on your network are the source of the activity. With this information we can help you contain the attack, thus enabling you to connect to the Internet with a double dose of confidence.
So yeah, that’s a botnet, in a nutshell…albeit a very oddly shaped nutshell. Stay tuned until next month when I try to compare phishing attacks to Toy Story 3.