How does a Botnet work?

Besides attacking infected computers, one major use of malware is to create botnets—giant networks of "zombie" computers that can be made to carry out a variety of nefarious actions.

A computer that has been joined to a botnet may not harm its owner directly. Instead, the infected PCs in the botnet go on the offensive, carrying out commands issued from a server controlled by a criminal.

"A bot agent can be a stand-alone malware component in the form of an executable or a dynamic link library (DLL) file or a piece of code added to the malware code," Elisan writes. "The bot agent’s main function is to establish communication with the botnet’s network component."

Botnet Basics

Botnets can be used for many nefarious purposes, including distributed denial-of-service attacks, which send extraordinary amounts of traffic to a website in order to cripple it. Botnets can be used for click fraud, in which thousands of computers click ads to generate revenue for criminals. A single botnet can perform numerous attacks. In fact, many criminals who run botnets simply rent out access to the infected PCs to other criminals who find ways to monetize them.

Botnets also send out much of the world's spam e-mail. The so-called Rustock botnet was responsible for about 60 percent of the world's spam at its peak in August 2010, but it was taken offline by cooperation between several nations and private companies.


Security tips are brought to you by the CTS SOC. The mission of the CTS SOC is to provide centralized information sharing, monitoring, and analysis of Washington State security posture. Contact us at: