Botnet


Words: 679

Pages: 3

Category: Science and Technology

Date Submitted: 03/07/2016 10:22 AM


Q) What is a botnet?

A) A botnet is a collection of networked computers (bots) that work together to accomplish a distributed task, malicious or otherwise. They are typically used for sending spam email, DDoS (distributed denial of service) attacks and click fraud. Computers are co-opted into botnets by infecting them with malware, downloaded and installed without the user's knowledge, from compromised websites (watering hole attack), by tricking the user into running a Trojan horse program sent as an email attachment (Trojan attack), and so on. The installed malware then connects to its command and control (C&C) node to receive instructions (calling home). The botnet operator (bot herder or botmaster) can then control all the compromised nodes from the C&C node. After calling home, depending on how it is written, a Trojan may delete itself, or may remain present to update and maintain its version and spread to other computers on the local network. In a peer-to-peer botnet the compromised hosts do not connect to a central C&C host for instructions; instead each node relays commands to a subset of the other nodes, forming a mesh topology. This makes the botnet very difficult to take down.

Image source: http://resources.infosecinstitute.com/botnets-and-cybercrime-introduction/

Q) What makes botnets resilient?

A) Traditionally botnets are controlled from a set of centralized C&C nodes, which makes them vulnerable to take-down attempts by law enforcement and legal corporations. In response, bot herders have implemented new mechanisms and networking architectures to increase the resilience of their botnets. Botmasters use techniques such as fast-flux DNS, where C&C domain names are assigned IP addresses from a large pool of compromised hosts (bots), which act as blind relays, to shield the C&C nodes. Another technique is to use domain names (thousands in some cases) generated by an algorithm in the malware instead...
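From the defender's side, the fast-flux behaviour described above leaves a trace in DNS resolver logs: one name resolving to many different addresses, spread across unrelated networks, within a short time. The following is an added example (not from the essay or any product) that scores domains from a constructed resolver log; the log format, the domain names and the thresholds are assumptions, and the score is a heuristic, since large CDNs can also rotate addresses.

```python
import ipaddress
from collections import defaultdict

# Constructed sample resolver log (not real data), one A-record answer per line:
# "<unix_timestamp> <queried_domain> <answer_ip>"
SAMPLE_LOG = """\
1000 shop.example.com 203.0.113.10
1300 shop.example.com 203.0.113.10
1600 shop.example.com 203.0.113.11
1000 cc-relay.example.net 198.51.100.7
1300 cc-relay.example.net 192.0.2.44
1600 cc-relay.example.net 203.0.113.99
1900 cc-relay.example.net 198.51.100.200
2200 cc-relay.example.net 192.0.2.130
2500 cc-relay.example.net 198.51.100.38
"""


def parse_log(text):
    """Group answers by domain: {domain: [(timestamp, IPv4Address), ...]}."""
    records = defaultdict(list)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, domain, ip = line.split()
        records[domain].append((int(ts), ipaddress.ip_address(ip)))
    return records


def flux_score(lookups, prefix_len=24):
    """Count distinct answer IPs and distinct /prefix_len networks for one domain."""
    ips = {ip for _, ip in lookups}
    nets = {ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False) for ip in ips}
    return len(ips), len(nets)


def find_fast_flux(records, min_ips=4, min_nets=3):
    """Flag domains whose answers churn across many IPs in many networks.

    Returns {domain: (distinct_ips, distinct_networks)} for flagged names.
    A legitimate site usually resolves to a few stable IPs in one or two
    networks; a fast-flux name hands out fresh bot addresses on each lookup.
    """
    flagged = {}
    for domain, lookups in records.items():
        n_ips, n_nets = flux_score(lookups)
        if n_ips >= min_ips and n_nets >= min_nets:
            flagged[domain] = (n_ips, n_nets)
    return flagged


if __name__ == "__main__":
    for name, (ips, nets) in find_fast_flux(parse_log(SAMPLE_LOG)).items():
        print(f"possible fast-flux: {name} ({ips} IPs across {nets} /24 networks)")
```

In practice the same scoring can be fed from passive-DNS data and combined with answer TTLs, which fast-flux operators keep short so that relays rotate quickly.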