What is it?
A Denial of Service (DoS) attack is when an attacker tries to overwhelm a victim’s server by flooding it with requests. In a Distributed Denial of Service (DDoS) attack, the attacker uses an army of unwitting third-party servers to attack the victim all at the same time.
A botnet is a network of computer devices that are coordinated by a central Command and Control (C&C) to perform some task. Not all botnets are evil; the SETI@home project (no longer active) was a voluntary-participation botnet dedicated to the Search for Extraterrestrial Intelligence. Most botnets, unfortunately, are up to no good.
A botnet drone is a computer virus that recruits more computers into the botnet; it’s called a drone because it makes independent decisions about how to spread, making it more difficult to stop.
Why is it a risk?
At the very least, a botnet drone consumes computer resources that could be used for other purposes. Beyond that, the risks depend on what the botnet is designed to do: some are benign, but most are designed to deliver DDoS attacks, steal data, spread spam emails, hijack systems and more.
Botnet drones are considered to be so malicious that your Internet Service Provider (ISP) will probably disconnect your service until you have resolved the issue.
How can you mitigate the risk?
Once a botnet drone has infiltrated your network, it can be pretty hard to eradicate. Your anti-virus software provider may be able to help. But the best “cure” is prevention.
- Install and regularly update your virus protection software, and perform regular virus scans.
- Teach your users never to open an email attachment from someone they do not know.
- Use strong passwords.
- Keep access to your network from the Internet tight using firewall rules.
- Consistently use a Domain Name System (DNS) server that actively filters traffic from known C&C servers.
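To show what the DNS filtering in the last item checks for, here is an added example (not from the original article) that scans a DNS query log for clients looking up blocklisted C&C domains. The dnsmasq-style log lines, the blocklist entries and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed blocklist; a real resolver would load this from a threat-intel feed.
BLOCKLIST = {"c2.botnet.example", "update-check.invalid"}

# Constructed sample log in dnsmasq "log-queries" style (assumed format).
SAMPLE_LOG = """\
Jan 10 09:15:01 dnsmasq[812]: query[A] www.example.org from 192.168.1.20
Jan 10 09:15:02 dnsmasq[812]: query[A] c2.botnet.example from 192.168.1.37
Jan 10 09:15:07 dnsmasq[812]: query[AAAA] node7.C2.Botnet.Example. from 192.168.1.37
Jan 10 09:16:11 dnsmasq[812]: query[A] notc2.botnet.example from 192.168.1.20
Jan 10 09:17:30 dnsmasq[812]: query[TXT] update-check.invalid from 192.168.1.52
Jan 10 09:17:31 dnsmasq[812]: reply www.example.org is 203.0.113.9
"""

QUERY_RE = re.compile(r"query\[(\w+)\] (\S+) from (\S+)")


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.lower().rstrip(".")


def is_blocked(name, blocklist):
    """True if the name or any parent domain is listed.

    Matching is done on whole labels, so 'notc2.botnet.example' does not
    match 'c2.botnet.example' the way a plain endswith() check would.
    """
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def find_suspect_clients(log_text, blocklist):
    """Map each client IP to the blocklisted names it queried."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_blocked(m.group(2), blocklist):
            hits[m.group(3)].append(normalize(m.group(2)))
    return dict(hits)


if __name__ == "__main__":
    for client, names in sorted(find_suspect_clients(SAMPLE_LOG, BLOCKLIST).items()):
        print(f"{client} queried blocklisted names: {', '.join(names)}")
```

A client that shows up in this report is a candidate for the virus scan and clean-up described above, since a filtering resolver only stops the lookup and does not remove the drone.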