A botnet is a group of computers compromised with the intention of instructing them to perform malicious actions. Botnets are usually controlled over the Internet through a network protocol such as IRC (Internet Relay Chat). Systems compromised as part of a botnet run malicious software that may exploit vulnerabilities or download additional malware such as Trojans. A command-and-control (C&C) server is often used to host the instructions directed to the botnet's computers, including updates and new commands. A botnet could be instructed to flood Internet users with spam or even spread malicious software.
Botnets originated as a legitimate tool used to perform tasks in an IRC channel when the user was occupied with other responsibilities. Malicious botnets are abundant nowadays, and a single botnet network can consist of millions of compromised computers.
A botnet controller (“bot master” or “bot herder”), known as the originator of the botnet, can remotely control a group of computers taken hostage by malware. Additionally, the command-and-control server may send automated updates, instructions and even malware to the botnet computers. Once a system is compromised and becomes part of a botnet, the computer user must remove the malware or bot software to restore the system to its normal operation.