Botnet code was originally distributed as infected email attachments, but as users have grown more cautious, cybercriminals have turned to other methods. When users click to view a spam message, botnet code can be secretly installed on the users’ PC. A website may be unknowingly infected with malicious code in the form of an ordinary-looking advertisement banner, or may include a link to an infected website. Clicking on any of these may install botnet code. Or, botnet code can be silently uploaded, even if the user takes no action while viewing the website, merely through some un-patched vulnerability that may exist in the browser.
Firewalls and antivirus software do not necessarily inspect all data that is downloaded through browsers. Some bot software can even disable antivirus security before infecting the PC. Once a PC has been infected, the malicious software establishes a secret communications link to a remote “botmaster” in preparation to receive new commands to attack a specific target. Meanwhile, the malicious code may also automatically probe the infected PC for personal data, or may log keystrokes, and transmit the information to the botmaster.