


When malware is built to create a botnet, it will usually attempt to spread across the compromised network and receive instructions from a C2 (command & control) server.


 

Each bot becomes part of a larger botnet and takes part in malicious activities such as:

 

DDoS attacks

Spam Distribution

Click fraud

Crypto mining

 

Detecting botnets can be difficult when the bot activity is not aggressive. However, because the whole purpose of a bot is to take part in malicious activity, activity monitoring is often the most effective way to discover anomalies:

 

Network Activity

Unusual resource usage on endpoints (e.g. CPU)
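
The two monitoring signals listed above can be checked together. The following is an added example, not code from the original page: it flags hosts that contact one destination at near-constant intervals (typical of C2 check-ins) and hosts with sustained high CPU. The host names, addresses, sample data and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data, not from a real network: (unix_time, source_host, destination).
FLOWS = (
    [(t, "ws-17", "203.0.113.50") for t in (1000, 1302, 1599, 1901, 2200, 2498, 2801, 3100)]
    + [(t, "ws-17", "198.51.100.7") for t in (1010, 1025, 1900, 2400, 2410, 3100)]
    + [(t, "ws-22", "198.51.100.7") for t in (1100, 1130, 2750, 2790, 2800, 3300)]
)
# CPU load in percent, one sample per minute, per endpoint.
CPU = {"ws-17": [12, 95, 97, 96, 98, 97, 95, 96, 99, 97],
       "ws-22": [10, 35, 90, 20, 15, 88, 12, 9, 30, 11]}

def find_beacons(flows, min_events=6, max_jitter=0.1):
    """Flag (source, destination) pairs contacted at near-constant intervals."""
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)
    hits = []
    for (src, dst), stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few connections to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a small value means machine-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits.append((src, dst, round(avg)))
    return hits

def sustained_cpu(cpu, threshold=90, min_run=5):
    """Return hosts whose CPU stayed at or above threshold for min_run samples in a row."""
    flagged = set()
    for host, samples in cpu.items():
        run = 0
        for pct in samples:
            run = run + 1 if pct >= threshold else 0
            if run >= min_run:
                flagged.add(host)
                break
    return flagged

def triage(flows, cpu):
    """Combine both signals per host so analysts can start with hosts showing both."""
    busy = sustained_cpu(cpu)
    report = {h: {"beacons": [], "sustained_cpu": True} for h in busy}
    for src, dst, period in find_beacons(flows):
        report.setdefault(src, {"beacons": [], "sustained_cpu": False})["beacons"].append((dst, period))
    return report
```

Legitimate software such as update clients and monitoring agents also connects on a fixed schedule, so known destinations should be allowlisted before results from a check like this are turned into alerts.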

 

Even though detection speed is not as critical for botnets as it is for ransomware, it is nevertheless important to remove botnets as soon as possible to avoid further infections and damage.