It is a slang term for a program that runs in the background and take "orders" from somewhere else on the Internet. Short for robot. If you have one, someone else controls your computer. Typically they let you think you still have control and just use it to do their dirty work without (they hope) you knowing what's going on. Like someone taking your car each night from 1 am to 4 am to delivery drugs.
Your neighbor CAN get your keyless entry code from his kitchen window with the right radio scanner widgets and then install things at night that might cause your car to do all sorts of things.
Three main ways.
- You are on the Internet without a router or with one but not behind a NAT setup which means you are exposed to the outside world. There are large number of computers probing EVERY address possible on the Internet to see if you respond. In a perfect world your computer would ignore these probes. But due to bugs in the various operating systems it is possible to find a bug that allows data sent in the probe to overwrite part of the OS and when that section of the OS is used the injected code takes over. Typically at this point it a very small program that calls home and downloads a larger program, hides it in your disk, sets things up to run at startup, then idles in the background waiting for "orders". And does all of this in a way such that you don't notice it happening.
- You visit a web site or read an email that does basically the same as #1 but is based on bugs in your Internet browsing software. The web site (or AD on the web site) or email contains HTML code that exploits a bug and allows code to be inserted into your system.
- Social engineering is where a pop up or email says click here and you WIN, GET, etc ... a million, prize, etc... and what you are clicking is a program (often disguised as a graphic) which install a BOT on your computer.
Alluding to the above, if you are connected to the Internet without a router doing NAT you're exposed. This protects you from the equivalent of folks walking down the street ringing doorbells and seeing which doors are not locked and people not home. The lock is being behind NAT and/or having a fully patched system with no known exploits. But the later is hard as the people looking for exploits to do bad do not advertise them when they find them.
Kids who were having fun seeing what they could do at first. But now mostly thieves or folks paid by thieves to find such things. To be blunt, they do it because there's money to be made and they don't have a problem stealing for gain.
Modern OS's have 10s of millions of lines of code. People buy features. They don't buy future security problems. All those systems designed with security as the first gaol fell on the junk heap of computing past and continue to do so. Well except for some very special cases where market share and cost doesn't mater. But even the NSA finds it cheaper to build totally isolated rooms, and I mean totally, to run software on insecure systems than try and develop custom things that are secure from the ground up. And they will likely have holes also, just not as many. Maybe.
But the basic issue with Windows (and all OS's after a while) is that it has to support old ancient programs plus new stuff and the code base is a mess. You don't really fix code like this. You do you best to apply what can be charitably called a permanent band aid. Been there. Done that. Got the pay stubs. (Not for windows but this is an issue that will not go away.)
LOT. Keeps me employed. Well not totally but is a PITA for me and I mostly admin macs. But have to deal with enough windows systems that it takes way too much time to deal with them. The windows systems that I support are for very specialized systems and the people running them have specific rules about what they can and cannot do.
What people do not realize is that an off the shelf Windows or Mac system with MS Office, Email, web surfing, iTunes, etc... is a more complicated system that their car or even the Apollo moon shots. It's very hard to touch one piece in isolation. And folks will argue that if design "right" this could all be avoided. To some degree they are correct. But it will never be perfect, even when folks try hard. Things are just too complicated for our minds or even our management structures to control it all.