A botnet is a group of computers that are controlled from a single source and run related software programs and scripts. While botnets can be used for distributed computing purposes, such as scientific processing, the term usually refers to multiple computers that have been infected with malicious software.
In order to create a malicious botnet, a hacker must first compromise several computers. This might be done by exploiting a security hole through a Web browser, IRC chat program, or a computer's operating system. For example, if a user has turned off the default firewall settings, his or her computer may be susceptible to such a botnet attack. Once the hacker has gained access to several computers, he can run automated programs or "bots" on all the systems at the same time.
A hacker may create a botnet for several different purposes, such as spreading viruses, sending e-mail spam, or crashing Web servers using a denial of service attack. Botnets can range from only a few computers to several thousand machines. While large botnets can cause the most damage, they are also the easiest to locate and break apart. The unusual amount of bandwidth used by large botnets may trigger an alert at one or more ISPs, which might lead to the discovery and dismantling of the botnet.
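The bandwidth alert described above can be sketched as a check over per-subscriber flow records. This is an added example, not part of the original article: the record layout, the thresholds, and the function names are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from statistics import median

# Constructed sample flow records: (interval, subscriber, destination, bytes_out).
# Intervals 0-3 are a quiet baseline; in interval 4 three subscribers
# send a large volume to the same server at the same time.
FLOWS = [
    (t, host, "198.51.100.7", 40_000 + 1_000 * t)
    for t in range(4)
    for host in ("sub-a", "sub-b", "sub-c", "sub-d")
] + [
    (4, "sub-a", "203.0.113.10", 9_000_000),
    (4, "sub-b", "203.0.113.10", 8_500_000),
    (4, "sub-c", "203.0.113.10", 9_200_000),
    (4, "sub-d", "198.51.100.7", 45_000),
]

def per_host_totals(flows):
    """Sum outbound bytes per subscriber per interval."""
    totals = defaultdict(lambda: defaultdict(int))
    for interval, host, _dst, nbytes in flows:
        totals[host][interval] += nbytes
    return totals

def spiking_hosts(flows, interval, factor=10):
    """Subscribers whose outbound bytes in `interval` exceed
    `factor` times the median of their own earlier intervals."""
    flagged = set()
    for host, by_interval in per_host_totals(flows).items():
        history = [b for t, b in by_interval.items() if t < interval]
        if not history:
            continue  # no baseline yet, so nothing to compare against
        if by_interval.get(interval, 0) > factor * median(history):
            flagged.add(host)
    return flagged

def coordinated_targets(flows, interval, min_hosts=3, factor=10):
    """Destinations contacted by at least `min_hosts` spiking subscribers
    in the same interval, the pattern that would raise an ISP alert."""
    spiking = spiking_hosts(flows, interval, factor)
    sources = defaultdict(set)
    for t, host, dst, _nbytes in flows:
        if t == interval and host in spiking:
            sources[dst].add(host)
    return {d: sorted(h) for d, h in sources.items() if len(h) >= min_hosts}
```

A single subscriber with a spike is usually just a large upload; it is the simultaneous spike from many subscribers toward one destination that distinguishes coordinated traffic.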
In most situations, users do not know that their computers have become part of a botnet. This is because hackers typically hide their intrusion by masking the activity within regular processes, similar to a rootkit attack. Therefore, it is a good idea to install antivirus or anti-malware software that regularly checks for such intrusions on your computer. It is also wise to make sure your system firewall is turned on, which is usually the default setting.
Updated: June 9, 2010