A botnet is a collection of online programs communicating with other similar programs in order to perform tasks. You’ve probably heard the term “botnets” in reference to high-profile takedowns that periodically grab headlines. When we hear the news, we take heart that the good guys are winning the war. But the truth is, a botnet may be closer than you think. Your PC or laptop could be compromised right now, programmed to mindlessly distribute spam and malicious code. Worst of all, chances are good you’d never even know it.
In this article, we’ll take a closer look at one of the cybercriminal’s more devious tools, the botnet. We’ll show you how botnets work, how they came to be on millions of computers around the globe (perhaps even yours), and what you can do to prevent an infection or retake control of an infected machine.
Botnets, Single-Minded Malware
The word “bot,” short for robot, is used to describe a computer that is infected with a type of malware that is designed to surreptitiously infiltrate a remote user’s PC and make it perform unauthorized functions. These include gathering and forwarding your contacts lists to the cybercriminal’s system (known as a C&C [command-and-control] computer), using your IP address to obfuscate the source of malware or spam, sending thousands of simultaneous requests to a Web-accessible server in an attempt to shut it down, or nabbing identifying information that a cybercriminal can use to steal your identity. Due to their mindless nature, bots are sometimes referred to as zombies.
Bots are actually categorized as backdoor Trojans, which is a type of self-replicating malware that opens a path for a C&C to issue it commands. Some malware is designed to smash and grab as much private and personal data as possible. This is likely the malware you’re most familiar with because it doesn’t worry about hiding itself. The most successful bots, on the other hand, are the ones that remain undetected for as long as possible.
A single computer infected with a bot can send thousands of emails per hour, but because it typically has just a single connection to the Internet, it is rather bandwidth limited. Multiplied by a couple hundred or thousand, and this network of infected PCs can generate millions of spam messages in a very short amount of time. This network of computers all working together to send spam and propagate the infection is called a botnet, and they all take orders from the C&C computer through various means. To maintain such a large network, the bots are designed to run in the background, leaving your computer as fully functioning as possible. Avoiding detection is a distinguishing component of the malware that infects every computer in a botnet.
The cybercriminals behind botnets are often called bot herders. The malware they generate is designed to target computers using the same tactics as every other type of malware: via vulnerable software, weak security policies, out-of-date applications, and other known exploits. They also use social engineering methods to get unwitting computer users to allow the infected code to take root on their PCs, which is called phishing. To issue commands to the botnets they control, bot herders can use a variety of methods, but two of the most common methods are via IRC (Internet Relay Chat) or through an automated P2P (peer-to-peer) connection.
Steps to Defend Your Computer From Botnets
A botnet’s strength is in its numbers, so all it takes to make yourself a target is to have a vulnerable system exposed to the Internet. You can get infected by clicking a link in an email, by visiting a website hosting malicious software, by running unpatched software, or by letting your security software fall out of date. These are the steps to keep your computer from being infected by a botnet.
- Run a virus scan on any email attachment you get (even from trusted sources).
- Be wary of hyperlinks in emails. If it appears to be from a trusted site, hover your cursor over the hyperlink (don’t click) to see if the underlined text you trust is the same as the hyperlink’s actual destination. If they differ in any way, delete the email and contact the trusted site directly to determine how to proceed.
- Be wary of unknown flash drives. Simply plugging them into your PC can inject malware, and you’d be none the wiser. You can prevent an unknown flash drive from executing code by holding the SHIFT key immediately after inserting the drive. By the same token, if your PC is already infected and you insert a clean flash drive, the PC can install a hidden instance of the malware on the storage device, which can then spread the infection by automatically installing it when plugged into another computer.
- Practice safe browsing and downloading techniques. Don’t download files from untrusted sources, visit unknown URLs, or click random hyperlinks. Be wary of free software, movies, games, and music; these are the bot herder’s favorite bait.
- Don’t click anything in a banner ad or unexpected popup message while browsing the Web. Be especially reluctant to click anything in a pop-up that claims to be a security alert or offers to scan your computer for infections unless you know for a fact that the pop-up was generated by your trusted anti-malware software. If you’re at all unsure, press CTRL-F4. If this doesn’t banish the pop-up, press ALT-F4, which will close the browser (close all tabs, and don’t restore your session later).
- Install and run malware scanners (from trusted vendors) on a regular basis, or schedule a daily pass if your software allows scheduling.
- Make sure your firewall is up-to-date and enabled. If prompted to let an application through the firewall, make sure it’s an application you trust.
- Antiphishing technology is also available for your browser, such as Windows SmartScreen, which can block malware that has yet to be discovered by malware-blocking software.
- Avoid using common passwords, create strong passwords, and never reveal your login details to anyone.
- Consider using a security framework.
- Configure your operating system to automatically install updates. Make sure to update other applications when prompted. If possible, avoid using software that the vendor does not actively support. This includes avoiding operating systems that are no longer receiving critical updates and security patches.