A bot herder is a hacker who uses automated techniques to scan target networks for vulnerable systems. These weak machines do not have updated security patches, allowing the hacker to install a bot program into them. The application infects the computer, turning it into a zombie in a botnet. A zombie follows all the bot herder’s commands, typically through an Internet Relay Chat (IRC) channel. If you don’t know, IRC is a text-based chat system. Think of IRC as the less advanced version of today’s chat apps like Messenger, Skype, and WhatsApp.

You can compare a bot herder to a puppet master. The computers (zombies) under his control are puppets that do everything he wants them to. Bot herders are also called “bot masters.”


Bot herders control what we now know as “botnets.” We’ve heard the terms “bot” and “botnet” repeatedly, but what are they, exactly?

What Is a Bot?

A bot is an Internet program that does repetitive tasks. From that definition, we can infer that bots are not always bad.

A good bot does what it was designed for: performing repetitive tasks, such as publishing scheduled tweets or other social media posts automatically. Most search engines use spider bots to obtain relevant results for user searches.

In cybersecurity, however, bots typically have a bad reputation. Many threat actors use them to automate spamming and slow target websites down, as you’ll see in examples later on.

What Is a Botnet?

A botnet, coined from “robot” and “network,” refers to a vast number of Internet-connected zombie devices or bots that hackers use to perform malicious activities. Botnets often enable distributed denial-of-service (DDoS) attacks, data theft, and spamming, among others. Bot herders control botnets using command-and-control (C&C) software.

What Devices Can a Bot Herder Control?

Bot herders can control any Internet-connected device, including the following:

  • Computers: ZeuS, a banking Trojan first seen in 2007, is probably one of the most infamous botnets of all time. Its creator, Hamza Bendelladj, also known as “Bx1,” essentially its original bot herder, was arrested in 2013. To date, ZeuS has infected more than 13 million computers worldwide.
  • Smartphones: Pareto is a prevalent mobile botnet comprising almost a million Android smartphones, which it uses to make it seem that their owners are watching specific ads on their smart TVs and other Internet-connected devices. First discovered in 2020, Pareto’s bot herder is said to generate an average of 650 million ad requests daily.
  • Internet of Things (IoT) devices: Mirai, first spotted in 2016, is one of the biggest IoT botnets to date. Its bot herder managed to infect at least 560,000 smart home appliances and other IoT devices to perform a DDoS attack on Dyn. That attack caused several of the Domain Name System (DNS) provider’s customers, including Twitter, GitHub, and Spotify, among many others, to go offline.

How Can Bot Herders Control Botnets?

Bot herders control botnets through either a centralized or decentralized system.

  • Centralized model: The bot herder directly communicates with each bot. This approach was used by the first botnets controlled via a single C&C server. It was replaced eventually by the peer-to-peer (P2P) model because it was vulnerable to a single point of failure.
  • Decentralized model: Also known as the “P2P model,” this approach has all the bots in the botnet share commands and information with one another. None of them communicates directly with the C&C server, making the botnet harder to take down.

What Can Bot Herders Do?

As mentioned earlier, bot herders can perform several malicious acts using their armies of zombie computers or botnets, including the following:

1. Launch a Brute Force Attack

Bot herders use zombies in brute force attacks to automate password guessing on a target network or account, say a victim’s online bank account. In these attacks, the bots use a fast password guesser, or leaked credentials or personally identifiable information (PII) obtained from the Dark Web.

2. Instigate a DDoS Attack

DDoS attacks are probably the most popular activity bot herders engage in. They flood target websites or networks with tons of requests, causing them to crash and go offline. Mirai is infamous for being one of the world’s first IoT DDoS attacks.

3. Start a Spam or Phishing Campaign

Bot herders use zombie computers for spam and phishing attacks to evade identification. In such attacks, they trick victims into clicking links embedded in emails or downloading malware disguised as harmless attachments so that the victims reveal sensitive information or their login credentials. In some cases, the spam also allows bot herders to infect more devices to make them part of their botnet.

4. Brick Devices

Bot herders also use bots to brick devices. Bricking occurs when Internet-connected systems are infected with malware that deletes their contents. That removes evidence of primary attacks but usually causes the devices to stop working, rendering them useless.

What Can You Do to Protect against Bot Herders?

While botnets are a dime a dozen these days, there are still several things you can do to avoid becoming bot herders’ next victim. We name three below.

  • Keep software updated: Since bot herders can use any malware for their attacks, it’s crucial to patch your operating system (OS) and applications as soon as updates, especially those for security, are made available. That way, bot herders can’t prey on vulnerabilities in your system.
  • Monitor your network: Since bot herder activities can be tracked through traffic monitoring, it may be helpful if you monitor changes in yours constantly. You can use software for that or go by manual observation. A slowdown in Internet connection or computer performance could indicate malware infection.
  • Check for failed login attempts: Normal users can track that via notifications, say from banks, telling them they’ve exceeded the allowed number of tries to access their accounts. For companies, identifying a baseline (average number of failed logins from employees) and making sure anomalies don’t occur may work.
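
The failed-login baseline described above can be sketched as follows. This is an added example, not part of the original article: it counts failures per account per hour, so a botnet brute force in which each zombie tries only once still stands out. The OpenSSH log format, host name, accounts, IP addresses, and the k and min_sources thresholds are all assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from statistics import mean, pstdev

# OpenSSH "Failed password" syslog line; captures hour bucket, account, source IP.
FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d):\d\d:\d\d \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port")

def failures_by_account_hour(lines):
    """Map (hour, account) -> list of source IPs behind each failed login."""
    buckets = defaultdict(list)
    for entry in lines:
        m = FAILED.match(entry)
        if m:
            hour, account, src = m.groups()
            buckets[(hour, account)].append(src)
    return buckets

def flag_anomalies(baseline_lines, current_lines, k=3.0, min_sources=5):
    """Flag account-hours whose failure count exceeds baseline mean + k*stddev."""
    counts = [len(v) for v in failures_by_account_hour(baseline_lines).values()]
    threshold = mean(counts) + k * pstdev(counts)
    alerts = []
    for (hour, account), sources in sorted(failures_by_account_hour(current_lines).items()):
        if len(sources) > threshold:
            distinct = len(set(sources))  # many sources, one account: botnet pattern
            alerts.append({"hour": hour, "account": account, "failures": len(sources),
                           "sources": distinct, "distributed": distinct >= min_sources})
    return threshold, alerts

def sample_line(ts, user, ip):  # builds one constructed log line
    return f"{ts} host1 sshd[4242]: Failed password for {user} from {ip} port 50000 ssh2"

# Constructed baseline: ordinary mistyped passwords over a quiet period.
BASELINE = [sample_line("Mar  3 09:01:10", "alice", "198.51.100.7"),
            sample_line("Mar  3 09:01:25", "alice", "198.51.100.7"),
            sample_line("Mar  3 10:14:02", "bob", "198.51.100.9"),
            sample_line("Mar  3 13:40:51", "carol", "198.51.100.12"),
            sample_line("Mar  3 13:41:03", "carol", "198.51.100.12"),
            sample_line("Mar  4 09:05:44", "bob", "198.51.100.9")]
# Constructed current window: 12 bots each try "alice" once; bob mistypes once.
CURRENT = [sample_line(f"Mar  5 02:{i:02d}:00", "alice", f"203.0.113.{i}") for i in range(1, 13)]
CURRENT.append(sample_line("Mar  5 02:30:00", "bob", "198.51.100.9"))

if __name__ == "__main__":
    threshold, alerts = flag_anomalies(BASELINE, CURRENT)
    print(f"threshold={threshold:.2f}")
    for alert in alerts:
        print(alert)
```

A per-IP lockout would see only one failure from each address here; grouping by account is what exposes the spread across sources.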

As we’ve established, bot herders can do a lot of damage, and users should avoid becoming one of their puppets by following tried-and-tested best practices.