What is a Botnet?

A botnet is a large group of computers controlled by a single computer, most often used by hackers to launch denial-of-service attacks, send spam, mine cryptocurrency or conduct other illegal activities.


What it is:

A botnet is a large group of infected, “slave” computers controlled without permission by a single “master” computer.

What it does:

Hackers use botnets to launch denial-of-service attacks against larger organizations, as well as to send spam, mine cryptocurrency and conduct other illegal activities.

Why it matters:

Botnets can launch powerful attacks that are difficult to defend against. Enterprises need to take pre-emptive steps to mitigate the potential risks of botnets.

What to do about it:

Prevent botnet infections by “hardening” systems with multi-factor authentication and high-level encryption, and look to mechanisms that can protect against a botnet attack.

Legitimate Uses of Distributed Computing

Distributed computing is when multiple computers (‘nodes’) work together to process a single data set. In the consumer world, examples involve people willingly installing software on their computers to contribute to scientific research projects that use this principle. Bitcoin mining is another example of member nodes processing data as a distributed network.

In the enterprise, corporations may use master/node architectures, clustered servers or server farms to create large pools of centrally controlled computational power. These can be used for simulations, graphics rendering or machine learning, for example. Legitimate distributed networks do not call themselves botnets, to separate themselves from illegal activities.

Recent Examples of Botnets

Contrary to the above, a botnet illegally gains control of victim computers and uses them to attack other targets. Often these are poorly protected consumer desktops or laptops, which have been infected via a virus with a ‘bot’ payload.

Botnets can be put to a broad range of illegal uses (including bitcoin mining). Distributed Denial of Service (DDoS) attacks are a common example, in which the network of bots sends data requests to a single website address in order to overload it.

In 2016, the Mirai botnet generated a DDoS attack peaking at about 620 Gbps. This was almost double the previous largest DDoS. Most of the bots were consumer devices such as security cameras and home DVRs.

Botnets are also used to send unsolicited email (spam). When authorities took down the Srizbi botnet in 2008, global email spam fell by 93 percent.


Following established best practices for your endpoint computing devices will prevent most viruses, and therefore bot infections.

Meanwhile, you can also look to protect against DDoS attacks. Firewall appliances or edge routers from major vendors, such as Cisco or Juniper Networks, can detect and block some attacks. Major websites may require additional levels of DDoS protection, which can be provided by internet services vendors, such as Akamai, Cloudflare or F5.

To protect your website from botnets, use equipment and services that are properly sized for your organization.