CyberGlossary

Malware

Botnet

Also known as: Bot network, Zombie network

Definition

A network of internet-connected devices infected with malware and remotely controlled by an attacker to perform coordinated activities.

A botnet is a collection of compromised endpoints (PCs, servers, routers, IoT devices) that connect back to one or more command-and-control (C2) servers and execute orders from the botnet operator (the "botmaster"). Botnets are used for DDoS attacks, spam, credential stuffing, click fraud, cryptocurrency mining, malware distribution, and as proxy networks for further intrusions. To resist takedown they may use centralized C2 infrastructure, peer-to-peer C2, or fast-flux DNS. Defences include endpoint hygiene, IoT firmware updates, blocking known C2, sinkholing, egress filtering, network anomaly detection, and law-enforcement-led disruptions.
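Two of the defences named above, blocking known C2 and network anomaly detection, are shown below as an added worked example in Python; it is not part of the glossary. The blocklist addresses and the egress log lines are constructed sample data, and the beaconing heuristic (near-constant intervals between connections from one host to one destination) is one common detection approach, not the only one.

```python
"""Added example: egress-log checks for two botnet defences.

1. known_c2_hits  - egress filtering against a (constructed) C2 blocklist.
2. beaconing_hosts - anomaly detection for periodic "check-in" traffic,
   which is how many bots poll their C2 server.
All indicators and log records here are constructed for illustration.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Hypothetical known-C2 indicators (constructed; in practice these come
# from a threat-intelligence feed or a takedown/sinkhole list).
KNOWN_C2 = {"203.0.113.10", "198.51.100.7"}

# Constructed egress connection log: "timestamp src_ip dst_ip dst_port".
# 10.0.0.5 polls a blocklisted address every 60 s, 10.0.0.9 polls an
# unknown address every 300 s, and 10.0.0.6 browses irregularly.
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 203.0.113.10 443
2024-05-01T10:00:05 10.0.0.6 93.184.216.34 443
2024-05-01T10:01:00 10.0.0.5 203.0.113.10 443
2024-05-01T10:02:00 10.0.0.5 203.0.113.10 443
2024-05-01T10:03:00 10.0.0.5 203.0.113.10 443
2024-05-01T10:04:00 10.0.0.5 203.0.113.10 443
2024-05-01T10:00:00 10.0.0.9 192.0.2.50 8080
2024-05-01T10:05:00 10.0.0.9 192.0.2.50 8080
2024-05-01T10:10:00 10.0.0.9 192.0.2.50 8080
2024-05-01T10:15:00 10.0.0.9 192.0.2.50 8080
2024-05-01T10:20:00 10.0.0.9 192.0.2.50 8080
2024-05-01T10:00:12 10.0.0.6 93.184.216.34 443
2024-05-01T10:07:41 10.0.0.6 93.184.216.34 443
2024-05-01T10:09:03 10.0.0.6 93.184.216.34 443
2024-05-01T10:31:55 10.0.0.6 93.184.216.34 443
"""


def parse_log(text):
    """Parse the constructed log format into (timestamp, src, dst, port) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, port = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return events


def known_c2_hits(events, blocklist=KNOWN_C2):
    """Egress filtering check: (src, dst) pairs that contacted a blocklisted C2."""
    return sorted({(src, dst) for _, src, dst, _ in events if dst in blocklist})


def beaconing_hosts(events, min_connections=5, max_cv=0.2):
    """Anomaly detection: flag src->dst:port flows whose inter-connection
    intervals are nearly constant. The coefficient of variation (stdev/mean)
    of the gaps is close to 0 for a fixed-interval beacon and large for
    human-driven traffic. Returns (src, dst, port, mean_gap_s, cv)."""
    flows = defaultdict(list)
    for ts, src, dst, port in events:
        flows[(src, dst, port)].append(ts)

    flagged = []
    for (src, dst, port), times in flows.items():
        if len(times) < min_connections:
            continue  # too few samples to judge periodicity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        mean_gap = statistics.mean(gaps)
        if mean_gap == 0:
            continue  # duplicate timestamps; not a beacon pattern
        cv = statistics.pstdev(gaps) / mean_gap
        if cv <= max_cv:
            flagged.append((src, dst, port, round(mean_gap), round(cv, 3)))
    return sorted(flagged)


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    print("blocklist hits:", known_c2_hits(evts))
    print("beaconing flows:", beaconing_hosts(evts))
```

The blocklist check catches only infrastructure already known to be malicious; the beaconing check is what surfaces the second host, whose destination is not on any list. In practice both are run against real flow or proxy logs, and a flagged flow is a lead for triage rather than proof of infection.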

Examples

  • Mirai, an IoT botnet behind the 2016 Dyn DDoS that disrupted major internet services.
  • Emotet's distribution network, dismantled by Europol in 2021.

Related terms