Botnets can spread in four different ways. The first involves distributing the malware by email. Here, the botnet is used directly to expand the network further – the installation program is sent by email and the recipient is asked to download the attachment. As soon as they open the file, the malware is installed in the background and the computer becomes part of the botnet.
Another way for botnets to spread is through “voluntary” downloads. Here, the user downloads and executes a piece of software which appears perfectly harmless, but actually contains a trojan horse. Legitimate programs are increasingly being hacked and turned into carriers for trojan horses.
Thirdly, so-called “exploits” are also used to expand botnets. This technique exploits security holes in operating systems or browsers in order to recruit computers to the network. Some exploits still require the user to actively click on a clink, but “drive-by infections,” whereby malicious code is executed as soon as a site loads, are becoming increasingly common. In this way, popular websites that have no connection to the botnet can also be infected.
The last and least common means by which botnets spread is by manual installation. This usually involves servers, because they have a good network connection and more processing power.