If you read the literature on botnets you may observe, as I did, that the generally accepted definition for ‘botnet’ is too narrow. For example, Techopedia defines a “botnet” as follows:
“A botnet is a group of computers connected in a coordinated fashion for malicious purposes. Each computer in a botnet is called a bot. These bots form a network of compromised computers, which is controlled by a third party and used to transmit malware or spam, or to launch attacks.”
This definition is too narrow. From my experience working on cyberspace situational awareness, I think a more accurate definition of “botnet” is something like:
“A botnet is a group of computers connected in a coordinated fashion on a network for coordinated task purposes. Each computer in a botnet is called a bot. These bots form a network of computers which are controlled by one or more botnet administrators and used to accomplish tasks for specific purposes. Botnets may be malicious, for example a botnet which delivers high-volume traffic for a denial-of-service attack. Botnets might be abusive or self-serving, for example a botnet which presses “like” (votes) on a social media network to increase the visibility of a post or comment. Botnets may also be commercially useful and benign, such as a network of bots which indexes websites on the Internet, for example the GoogleBot network.”
To create situational awareness in cyberspace, it’s important to understand that there are many types of botnets: some are malicious, some are “self-serving”, and some are very useful and well accepted.
Also, a botnet does not have to be a network of bots whose code has been secretly planted on, or has “infected”, an unsuspecting computer (as it is often defined). Botnets can be created by a person, an organization or a government (or another computer process). For example, an organization could purchase computing resources for a specific campaign, install the bots, and control the bot network without any need to covertly infect computers.
It’s important to view cybersecurity in a broader context if we are truly to understand what is happening in cyberspace.
Most cybersecurity people do not yet understand this key concept. It’s important to obtain general situational knowledge of cyberspace if we are to truly understand “what is going on” in cyberspace.