Stacheldraht botnet diagram showing a DDoS attack. (Note this is also an example of a type of client-server model of a botnet.)

A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service attack (DDoS attack), steal data,[1] send spam, and allows the attacker to access the device and its connection. The owner can control the botnet using command and control (C&C) software.[2] The word "botnet" is a combination of the words "robot" and "network". The term is usually used with a negative or malicious connotation.


A botnet is a logical collection of Internet-connected devices such as computers, smartphones or IoT devices whose security have been breached and control ceded to a third party. Each compromised device, known as a "bot", is created when a device is penetrated by software from a malware (malicious software) distribution. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols, such as IRC and Hypertext Transfer Protocol (HTTP).[3][4]

Botnets are increasingly rented out by cyber criminals as commodities for a variety of purposes.[5]