Bully Botnets 101

By Laura Yecies

Botnets continue to be the scourge of the Internet, affecting consumers, businesses and ISPs. The Storm worm, which over the past couple of years has created one of the largest known botnets ever and may have infected over a million PCs, is just the tip of the iceberg. The headlines are scary, but we believe it is possible to stay safe.

The first step is to understand the threat. What is a botnet, and how can you protect yourself from becoming a dreaded zombie?

Essentially, a botnet is a group of personal and even business PCs that a hacker has successfully compromised (with a Trojan, virus or other “backdoor” malware). Those PCs are referred to as “zombies” or “bots” because they are mindless thugs controlled remotely, used to carry out a cybercriminal’s dirty work.

In the past, hackers often used botnets to launch distributed denial-of-service (DDoS) attacks against a company, often as some sort of protest or to make a political statement. Basically, they wanted to wreak havoc. How did they do it? A hacker might harness all the bandwidth available from thousands (or more) of zombie PCs to flood a company’s servers with random, useless Internet traffic and data packets in order to bring down its Web site or disrupt e-mail/Internet communications. Then they’d brag about it.

Today, botnets are less typically tools of revenge and glory and more often exploited for financial gain. They may be “rented” out to other cybercrooks for sending out masses of spam, or they may be used to serve illegal content such as child pornography – enabling the illegal venture to essentially hide behind an innocent PC user.

Botnets are also exploited to steal financial information (hackers can build up financial profiles of the “people behind the PCs” by spying on online banking, shopping, etc., and sell the profiles on the Internet’s black market), or they are used to distribute spyware like keyloggers to capture sensitive information from even more unsuspecting users.

Now you know what a botnet is and how hackers use them. So how do you know if you could own a zombie PC? Slow, sluggish performance is one sign. Is your Internet connection lagging? Does your PC get stuck at times, even after you’ve exhausted all other explanations (such as overdue system maintenance or inadequate RAM)? Or, when you are doing nothing on your PC, can you hear it “thinking” (i.e., the processor is working, even when you’re across the room watching TV)? Does your firewall give you random alerts when you are surfing the Internet?

If you suspect your PC is a zombie, run a virus/spyware scan immediately and remove/quarantine any suspicious applications found. If viruses or spyware are found on your PC, consider changing your passwords and keep an eye on your bank accounts and credit statements. You can also take it a step further and sign up for an identity theft protection service if you suspect your personal information has fallen into the wrong hands.

How can you prevent your PC from turning into a zombie? Use a full security suite, set your firewall settings to “high”, and make sure you keep all of your antivirus and anti-spyware definitions/signatures up-to-date. Also, keep your PC’s operating system, plus all other installed software such as your browser, current by installing new security updates and patches. This simple step can make a major difference, since hackers often install malware through exploits in everyday software.

Have you ever become part of a botnet? I’d love to hear your stories.

4 Reader Comments
to “Bully Botnets 101”
  1. That's good definition botnet which
    I got from the above article..
    if hackers are smart in promoting botnet
    I guess they can be prevented from
    encryption technologist tools to restrict them
    I agree with author.
    regards

  4. Hi Laura, thanks for the info. I definitely plan to make reference to this on my website http://slow-pc.com
    I put this site together because family and friends are always asking me questions about slow PC performance issues.
    Thanks again.
