“Bot” is short for robot, and it is a software program that performs automated, repetitive, pre-defined tasks. Bots are automated, meaning that they can run according to their instructions without a human needing to manually restart them, and their repetitive actions often imitate or replace human users’ behaviors. Bots typically operate over a network, with more than half of internet traffic being comprised of bots scanning content, interacting with web pages, chatting with users, or even looking for cyberattack targets.
A bot looking for a cyberattack target is a bad bot, and bad bots can carry out all kinds of harmful tasks that can be used for hacking, spamming, spying, interrupting, and compromising websites of all kinds. Malware bots and internet bots can be programmed to infiltrate user accounts, scan the internet for contact details, to deploy spam, or to perform other harmful tasks. To carry out these harmful tasks while disguising the source of the cyberattack traffic, cyberattackers may distribute bad bots in a “botnet”, which is a bot network comprised of a number of internet-connected device running bots, possibly without the device-owner’s awareness. With each device having its own IP address, the botnet traffic is difficult to pinpoint and block, giving the bot more time and opportunity to spread via spam emails. Some types of bad bots include:
Spambots. Spambots use contact lists or guestbook pages to collect email addresses, or they may post promotional content in forums or in comments that drive traffic to malicious websites.
File-sharing bots. File-sharing bots take a user’s query term and respond the query, asserting that they have the file available for download via a web link. Once the user clicks on the link, downloads the file, and opens it, their computer will be infected.
Malicious chatterbots. Malicious chatterbots pose as humans, simulate human interactions, and will obtain personal information from victims who believed they were chatting with a real human. Dating services and applications are popular locations for malicious chatterbots.
Credential stuffing. Bots “stuff” known usernames and passwords obtained from data breaches into log-in pages in attempts to gain unauthorized access to accounts.
DoS or DDoS bots. Excessive bot traffic is deployed to overwhelm server resources and disrupt their operation.
Denial of inventory. In a denial of inventory cyberattack, bots target online shops to access the shopping cart, select items from the store add them to the shopping cart, and then never complete the transaction, making it appear to human customers that the items are out-of-stock.
Traffic monitoring. Bots overload mail servers or carry out large-scale data theft.
Click fraud bots. Click fraud bots produce a large amount of malicious bot traffic targeting paid ads to engage in ad fraud by clicking paid ads at the expense of advertisers who mistake them for legitimate traffic.
Scraper bots. Scraper bots extract content and data from a website, including underlying code, then the scraper can replicate the content elsewhere.
Vulnerability scanners. Bots scan for vulnerabilities and report them back to their creator who then sells this information or uses it themselves to carry out a cyberattack.