Your Computer is Part of a Robot Army
You have already welcomed our robot overlords. I’m not saying this to be mean, and I doubt that you’re a willing traitor to the human race. Nonetheless it is very likely that the machines in your house — your desktop, laptop, and router, possibly even your thermostat or your television — have been corrupted and assimilated into one of the most powerful tools for nuisance-crime on the web: a botnet.
Computers, especially home computers that are used by people who don’t update their browsers or operating systems, are very easy to hack. One might put a Flash exploit kit on a highly trafficked website, for example. If they want to be sneakier, an attacker might go after your home router.
This is easier than it sounds — the router that controls your access to the internet is basically a tiny computer in its own right, with storage and a CPU and all the rest. Worse, it doesn’t have anything as simple as a free anti-malware scanner to protect it. In fact, you’ve probably never even changed your router’s administrator password (this is different from your WiFi password), so anyone who can google your router’s operating manual and look up the default login can just go in and take control.
The same holds true for any ‘smart’ internet-connected devices, such as a smart television, or a networked thermostat — basically any device that markets itself as being part of the ‘internet of things.’
High demand has made hacking tools more accessible, and the tools needed to create and direct a botnet are basically free. They can be deployed without much more than a rudimentary knowledge of computers. In fact, some black-hats now offer services that allow you to rent a botnet for a low hourly rate, eliminating the effort of creating a botnet from scratch.
What does one do with a botnet? Uses vary. Botnets are commonly used for a distributed denial of service (DDOS) attack. In this case, an attacker will send their entire zombie army to visit the same website at once. This will in most cases shut down the website entirely, preventing anyone from visiting the website or doing business with its owner.
Sometimes this attack is politically motivated, as in “I don’t like the way you do business, and therefore no one will be able to do business with you.” Banks, for example, are a very popular DDOS target, as are government websites. There’s even evidence that a botnet linked to the Russian government has DDOS’ed several sites that were critical of its intervention in Ukraine.
Other times, a DDOS attack is more akin to holding up a convenience store. If you’re a small or medium business, and suddenly a million robots take down your website, your ability to make money is shot. Simply paying off an attacker is a lot more attractive than investing the time and money required to secure your site. It’s also a lot easier than getting the police involved.
Botnets persist in part because of international borders. It’s quite possible that a hacking group based out of China could rent a server in Panama that controls computers spread out over six continents. Trying to unpick the jurisdictional issues involved could drive the world’s finest legal minds insane. Fortunately, there are some entities that are up to the challenge.
ZeroAccess is one of the largest botnets in the world. At its peak, the infection controlled over two million active systems. In 2013, an organized coalition moved to take down the servers responsible for controlling its robot slaves. The leader of that coalition?
Goddamn Microsoft.
Microsoft identified the servers controlling the ZeroAccess botnet, and got them shut down. Not only that, it recognized the IP addresses being used to control those servers, and got them blocked. Then it took over almost 50 domains being used by the criminal organization. Basically, when it comes to cybercrime, the most boring software company on Earth is actually Batman.
As it turns out, the people leading the charge against botnets tend to be large security companies — aside from Microsoft, companies like Fortinet, FireEye, and a coalition known as Spamhaus have all been involved in the fight. It makes sense, in a way.
These companies are all familiar with the backwaters of the internet, and they’re also familiar with the ISPs that host said backwaters. No reputable ISP wants to be known as a haven for criminals, so all the security companies really need to do is point out the servers where criminals are hiding, and the ISPs will politely shut them off.
None of this deterrence, however, will make quite as much of a dent as individual users being smarter about security. Install basic computer security tools. Secure your router. And for God’s sake, disable Flash.