How Botnets Are Used

Distributing Malware

Botnets often play important roles in malware distribution schemes. In a typical scenario, an attacker uses bots to send spam messages that contain links to malware, which itself is often hosted by the botnet. The messages use social engineering techniques to convince recipients to click the links, such as disguising the message as a news digest with provocative-sounding fake headlines, or as a message from a friend purporting to offer a link to an embarrassing photo of the recipient. The malware is either offered for download directly, as a disguised executable file, or is hosted on a webpage that includes exploits that are designed to use specific browser vulnerabilities to secretly install malware on visitors’ computers (a tactic sometimes called drive-by downloading). For more information, see Analysis of Drive-By Download Pages in the Reference Guide section.

[Figure: One example of a drive-by download attack]

Occasionally an attacker sends malware directly to recipients as a file attachment, although most popular email programs and services block users from downloading actual or suspected malicious files. (See “Email Threats” in the Reference Guide section of the Security Intelligence Report website for more information.)
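One way a mail filter can screen attachments for disguised executables is to compare each file's name with its leading bytes. This is an added example, not code from the report or from any mail product; the extension list, function names and sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (illustrative, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Leading bytes that identify executable content regardless of the file name.
EXECUTABLE_MAGIC = {b"MZ": "Windows PE", b"\x7fELF": "ELF"}

def attachment_findings(name, payload):
    """Return the reasons one attachment looks like an executable, possibly disguised."""
    findings = []
    base, ext = os.path.splitext(name.strip().lower())
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension {ext}")
        # "photo.jpg.exe" displays as "photo.jpg" when known extensions are hidden.
        if os.path.splitext(base)[1]:
            findings.append("double extension")
    for magic, kind in EXECUTABLE_MAGIC.items():
        if payload.startswith(magic) and ext not in EXECUTABLE_EXTS:
            findings.append(f"{kind} content behind {ext or 'no'} extension")
    return findings

def scan_message(raw):
    """Parse a raw RFC 5322 message; map each flagged attachment name to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        findings = attachment_findings(name, payload)
        if findings:
            flagged[name] = findings
    return flagged

def build_sample():
    """Constructed sample message; the attachment bytes are harmless placeholders."""
    msg = EmailMessage()
    msg["Subject"] = "Is this you in the photo?"
    msg["From"] = "friend@example.com"
    msg.set_content("Look at this.")
    msg.add_attachment(b"MZ" + b"\x00" * 62, maintype="image", subtype="jpeg", filename="party.jpg")
    msg.add_attachment(b"not a real program", maintype="application", subtype="octet-stream", filename="photo.jpg.exe")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16, maintype="image", subtype="jpeg", filename="holiday.jpg")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample()).items():
        print(name, "->", "; ".join(reasons))
```

A name-only check would miss `party.jpg`, which is why the filter also looks at the first bytes of the decoded payload.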
