Building Trust 2 October 2017

Best Practices: Botnets

About Botnets

A “bot” or “botnet” is a program installed on a system to enable that system to automatically (or semi-automatically) perform a task or set of tasks typically under the command and control of a nefarious remote administrator, or “bot master.”  Such bots may have been installed surreptitiously without the user’s understanding or knowledge and are often installed, unknowingly as part of another download or prompted user interaction.

Bots present a major problem for a number of reasons. First, these bots can be used to send spam, in some cases very large volumes of spam, including deceptive and or malicious email. Bots can act as platforms for directing, participating in, or otherwise conducting attacks on critical Internet infrastructure, including the distribution of key-loggers and spyware. Bots are frequently used as part of coordinated Distributed Denial of Service (DDoS) attacks motivated by criminal, political, or other goals.

The two major attack vectors of bots and malware are spoofed and forged email and compromised site content and advertising (malvertising). Fortunately there are simple non-proprietary solutions businesses and government agencies can deploy today to help counter and block these threats. 

The growth of bot-infected end user devices represents a significant threat to the vitality and resiliency of the Internet and to the digital economy. Bots are a global problem requiring the entire ecosystem to work together, as bots threaten to undermine online trust and confidence underlying the foundation of the digital economy.

Bots risk compromising sensitive and personal data from consumers as well as businesses and government agencies, which can lead to online fraud and hijacking of online accounts impacting commerce and banking sites worldwide. They can lead to attacks against public and private networks, and exploitation of end users’ computing power and Internet access. The growth and sophistication of bots have spread from the PC to all platforms (Windows, Linux and Mac OS), mobile devices and smartphones to critical infrastructure.

Best Practices

Harden your systems – Advice for Businesses & Consumers
How can you (and your business) help curb the spread of botnets and malware? Bots impact every user from the casual home user to businesses and government agencies worldwide. They are able to proliferate as a result of a combination of vulnerabilities and through socially engineered exploits.

  • Set all systems to automatically download and install patches
  • Install and update anti-virus software and solutions
  • Use a third-party solution to automatically scan and update all applications, extensions and add ons.
  • Update to Always On SSL to encrypt user logins and communications to help prevent online snooping and capturing of log on credentials
  • Authenticate your email & domains with SPF, DKIM & DMARC to help prevent the delivery of spoofed and forged email

Anti-botnet Resources

Related Efforts and Resources

Related articles

Building Trust 31 August 2020

Policy Toolkit on IoT Security and Privacy

The Policy Toolkit on IoT Security and Privacy is a practical resource for policymakers and regulators to strengthen the...

Building Trust 1 November 2019

Security Factsheet: Keeping Your Workplace Safe Online

For many of us the Internet is a staple in our day-to-day lives – especially at our jobs. But...

Building Trust 1 November 2019

Security Factsheet: Why Should Municipalities Make Network and Data Security a Priority?

Communities can minimize risk by being intentional about how and by whom networks and devices are used. These are...