Botnet
==Core components==
A botnet's originator (known as a "[[bot herder]]" or "bot master") controls the botnet remotely. This is known as command and control (C&C). The program for the operation must communicate via a [[covert channel]] to the client on the victim's machine (zombie computer).

===Control protocols===
IRC is a historically favored means of C&C because of its [[List of Internet Relay Chat commands|communication protocol]]. A bot herder creates an IRC channel for infected clients to join. Messages sent to the channel are broadcast to all channel members. The bot herder may set the channel's topic to command the botnet. For example, the message <code>:herder!herder@example.com TOPIC #channel DDoS www.victim.com</code> from the bot herder alerts all infected clients belonging to #channel to begin a DDoS attack on the website www.victim.com. An example response <code>:bot1!bot1@compromised.net PRIVMSG #channel I am DDoSing www.victim.com</code> by a bot client alerts the bot herder that it has begun the attack.<ref name=":0" />

Some botnets implement custom versions of well-known protocols. The implementation differences can be used for detection of botnets. For example, [[Mega-D]] features a slightly modified [[Simple Mail Transfer Protocol]] (SMTP) implementation for testing spam capability. Bringing down [[Mega-D]]'s SMTP server disables the entire pool of bots that rely upon the same SMTP server.<ref>C.Y. Cho, D. Babic, R. Shin, and D. Song. {{usurped|1=[https://web.archive.org/web/20160924031813/http://www.domagoj-babic.com/index.php/Pubs/CCS10botnets Inference and Analysis of Formal Models of Botnet Command and Control Protocols]}}, 2010 ACM Conference on Computer and Communications Security.</ref>

===Zombie computer===
In [[computer science]], a [[Zombie (computer science)|zombie computer]] is a computer connected to the Internet that has been compromised by a [[hacker]], [[computer virus]] or [[Trojan horse (computing)|trojan horse]] and can be used to perform malicious tasks under remote direction. Botnets of zombie computers are often used to spread [[Email spam|e-mail spam]] and launch [[denial-of-service attack]]s (DDoS). Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to [[zombie]]s. A coordinated DDoS attack by multiple botnet machines also resembles a zombie horde attack.<ref>{{cite web|author=Teresa Dixon Murray|title=Banks can't prevent cyber attacks like those hitting PNC, Key, U.S. Bank this week|url=http://www.cleveland.com/business/index.ssf/2012/09/banks_cant_prevent_cyber_attac.html|publisher=Cleveland.com|access-date=2 September 2014|date=28 September 2012|archive-date=25 July 2015|archive-url=https://web.archive.org/web/20150725071548/http://www.cleveland.com/business/index.ssf/2012/09/banks_cant_prevent_cyber_attac.html|url-status=live}}</ref>

The process of stealing computing resources as a result of a system being joined to a "botnet" is sometimes referred to as "scrumping".<ref>{{cite news|last1=Arntz|first1=Pieter|title=The Facts about Botnets|url=https://blog.malwarebytes.com/cybercrime/2015/02/the-facts-about-botnets/|website=Malwarebytes Labs|access-date=27 May 2017|date=30 March 2016|archive-date=17 July 2017|archive-url=https://web.archive.org/web/20170717100925/https://blog.malwarebytes.com/cybercrime/2015/02/the-facts-about-botnets/|url-status=live}}</ref>
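
The topic-then-acknowledgement exchange described under Control protocols leaves a recognizable pattern in captured IRC traffic: one client sets a topic naming a host, and several other clients answer with messages naming the same host. The following detection sketch is an added example, not part of the original article; the function name, the two-client threshold, and every sample line other than the two quoted in the article are constructed for illustration.

```python
import re
from collections import defaultdict

# Sample IRC lines as a network sensor might log them. The first two are the
# article's own examples; the remaining three are constructed for this sketch.
SAMPLE_LOG = """\
:herder!herder@example.com TOPIC #channel DDoS www.victim.com
:bot1!bot1@compromised.net PRIVMSG #channel I am DDoSing www.victim.com
:bot2!bot2@compromised.net PRIVMSG #channel :I am DDoSing www.victim.com
:alice!alice@example.org TOPIC #chat :Weekly meetup on Friday
:bob!bob@example.org PRIVMSG #chat :see you there
""".splitlines()

# ":nick!user@host COMMAND #channel [:]text" (the trailing ':' is optional here)
LINE = re.compile(
    r"^:(?P<nick>[^!\s]+)!\S+ (?P<cmd>TOPIC|PRIVMSG) (?P<chan>#\S+) :?(?P<text>.*)$")
HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)

def find_topic_echo_channels(lines, min_clients=2):
    """Return {channel: (topic setter, hosts in topic, acknowledging nicks)} for
    channels where several distinct clients echo a host named in the topic."""
    topic = {}                  # channel -> (setter nick, hostnames in the topic)
    acks = defaultdict(set)     # channel -> nicks that echoed a topic hostname
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue            # ignore commands this sketch does not model
        chan, nick, text = m["chan"].lower(), m["nick"], m["text"]
        if m["cmd"] == "TOPIC":
            topic[chan] = (nick, {h.lower() for h in HOST.findall(text)})
            acks[chan].clear()  # a new topic starts a new observation window
        elif chan in topic:
            setter, hosts = topic[chan]
            if nick != setter and hosts & {h.lower() for h in HOST.findall(text)}:
                acks[chan].add(nick)
    return {c: (topic[c][0], sorted(topic[c][1]), sorted(n))
            for c, n in acks.items() if len(n) >= min_clients}

if __name__ == "__main__":
    print(find_topic_echo_channels(SAMPLE_LOG))
```

The benign <code>#chat</code> channel is not reported because its topic names no host and no client echoes one.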