A botnet is a network of compromised computers or other internet-connected devices that are controlled remotely as a group. The word combines robot and network, reflecting the idea of many automated systems acting together. In practice, the individual machines in a botnet are often called bots or zombies.
Botnets are usually built with malware that infects devices and connects them to a command-and-control system. That controller can send instructions to large numbers of infected devices at once, turning them into a coordinated tool for the attacker. A single botnet may include hundreds, thousands, or even far more devices, depending on how widely the malware spreads.
How botnets are used
Botnets are most commonly associated with illegal activity. They are often used to send spam email, distribute phishing messages, steal data, or overload websites and online services with traffic. One of the best-known abuses is a distributed denial-of-service attack, in which many infected devices flood a target until it becomes slow or unavailable.
- Spam and phishing: sending large volumes of messages from many devices.
- DDoS attacks: overwhelming a server, network, or service with traffic.
- Credential theft: helping attackers harvest passwords or session data.
- Proxy abuse: routing malicious traffic through infected devices to hide the source.
- Cryptomining: secretly using device resources to mine cryptocurrency.
How they work and why they matter
A botnet usually has three main parts: the infected device, the malware that keeps it under control, and the command channel used by the attacker. The malware may spread through unsafe downloads, malicious email attachments, weak passwords, or unpatched software. Once a device is infected, the owner may not notice much, aside from slower performance, extra network traffic, or unusual settings.
The security impact of botnets is significant because they scale individual infections into a larger threat. Even low-powered devices can become useful when combined with many others. For this reason, botnets have become a major concern in cybersecurity, especially as home routers, cameras, and other internet-connected devices have joined traditional personal computers as targets.
Defending against botnets usually involves keeping software updated, using strong authentication, monitoring network activity, and removing malware promptly. Security researchers and internet providers also try to disrupt command-and-control infrastructure and block malicious traffic. As a definition, a botnet is best understood as a coordinated, remotely controlled collection of compromised devices, rather than a single program or machine. The term "software agents" is sometimes used in broader computing contexts, but in the case of botnets it usually refers to maliciously controlled clients rather than independent helpers.
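One way to apply the "monitoring network activity" defence to the command channel described above, as an added example that is not part of the original article: an infected device that checks in with its controller on a timer produces unusually regular connection intervals, which can be measured from flow logs. The record layout, host names, addresses (documentation ranges) and thresholds are all assumptions made for the illustration.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flow records: (epoch_seconds, source_host, destination).
# Destinations use RFC 5737 documentation addresses, not real indicators.
SAMPLE_FLOWS = [
    # camera-01 connects out roughly every 60 s with small jitter
    (1000, "camera-01", "203.0.113.10"), (1061, "camera-01", "203.0.113.10"),
    (1119, "camera-01", "203.0.113.10"), (1180, "camera-01", "203.0.113.10"),
    (1241, "camera-01", "203.0.113.10"), (1299, "camera-01", "203.0.113.10"),
    (1360, "camera-01", "203.0.113.10"),
    # laptop-07 shows bursty, human-driven traffic to one site
    (1005, "laptop-07", "198.51.100.20"), (1012, "laptop-07", "198.51.100.20"),
    (1090, "laptop-07", "198.51.100.20"), (1300, "laptop-07", "198.51.100.20"),
    (1310, "laptop-07", "198.51.100.20"), (1700, "laptop-07", "198.51.100.20"),
    # too few events to judge
    (1100, "laptop-07", "192.0.2.5"), (1400, "laptop-07", "192.0.2.5"),
    (1450, "laptop-07", "192.0.2.5"),
]

def find_beacons(flows, min_events=6, max_cv=0.1):
    """Return {(src, dst): (mean_gap_seconds, cv)} for timer-like traffic.

    cv is the coefficient of variation (stddev / mean) of the gaps between
    consecutive connections; a low value means near-constant intervals.
    min_events and max_cv are illustrative thresholds, not tuned values.
    """
    times = defaultdict(list)
    for ts, src, dst in flows:
        times[(src, dst)].append(ts)

    flagged = {}
    for pair, stamps in times.items():
        if len(stamps) < min_events:
            continue  # not enough samples for a meaningful interval estimate
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp; no interval to measure
        cv = pstdev(gaps) / avg
        if cv <= max_cv:
            flagged[pair] = (round(avg, 1), round(cv, 3))
    return flagged

if __name__ == "__main__":
    for (src, dst), (gap, cv) in find_beacons(SAMPLE_FLOWS).items():
        print(f"{src} -> {dst}: every ~{gap}s (cv={cv}), review this device")
```

Regular intervals are a lead for investigation rather than proof of infection, since update checks and time synchronisation also run on timers.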