Comments for Is Your PC Part of a Botnet?

Is Your PC Part of a Botnet?

2009-03-16T03:04:59Z

Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder; the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that can you do about it?

According to a report today from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

]]> The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you're into identity theft.

"One Southern California 22-year-old could be seen registering a domain name with
GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet," the AP notes.

But it wasn't just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn't been notified by the bank.

Determine whether your PC is part of a botnet

So how can you tell if you're machine is part of a botnet and what can you do about it?

Statistically, Macs are safe from botnets, although not completely immune to all threats as we noted here. But if you have a Windows based machine, Prevx suggests you stay on the lookout for an Internet connection that seems inexplicably slow when you are online as it may be that a botnet infection is using your connection to send or receive data.

"If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager," the company wrote on its blog recently. "When Task manager opens click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge."

Prevx also suggests downloading another security product if you are suspicious, and recommends you use an alternative security product. "If your PC is infected then it is almost certain that your existing security product has already let you down."

Some of the free tools available include RUBotted (Beta) from Trend Micro, BotHunter from SRI International, or try an online virus scan with the Windows Live OneCare safety scanner.

For a primer on botnets, take a look at this short video from Symantec.

Comment from Michael on 2009-03-16

2009-03-16T07:08:24Z

As long as you visit trusted websites, don't open email attachments, don't download illegal content, don't install random apps from all over the place, run anti-virus, a firewall, and anti-spyware apps you should be fine. Or you could run OS X or Linux.

Comment from Rex on 2009-03-16

2009-03-16T13:25:07Z

Running OS X or Linux would be my choice. OS X is a no brainer compared to anything Windoze.

Comment from Albert Ng on 2009-03-16

2009-03-16T16:14:37Z

What security software do you recommend? I'm on Windows 7 and I find that I lag for 3-5 minutes spontaneously throughout the day

Comment from Jesus on 2009-03-16

2009-03-16T20:10:07Z

Rex, enjoy your child-proof computer which you overpaid $700 for.

Comment from Moses on 2009-03-16

2009-03-16T20:52:40Z

Enjoy your botnet host you saved $700 for, and then give it free bandwidth to with your $600 per year cable bill.

Comment from Don on 2009-03-16

2009-03-16T21:02:28Z

Michael, you are so wrong. The latest way to distribute malware is from Flash banner ads, and they do a great job.

Comment from Craig on 2009-03-16

2009-03-16T21:29:54Z

Quoting Michael: "As long as you visit trusted websites, don't open email attachments, don't download illegal content, don't install random apps from all over the place, run anti-virus, a firewall, and anti-spyware apps you should be fine. Or you could run OS X or Linux."

Myth #1 -- Trusted Sites Can Do No Harm
This advice was all well and good 5 years ago, but today it really isn't true. Fact of the matter is that many 'trusted websites' have been the attack vector for botnet infection. Newer worms and botnets (like ASProx for example) use SQL injection attacks to compromise legitimate sites and install malicious content. For a couple hundred bucks, anyone can buy a custom made attack kit (mpack is a big one) that attempts to detect and exploit the UA.

Myth #2 -- I'm Safe If I Don't Open Attachments
Recent 'in the wild' exploitation of Adobe PDF vulnerabilities has demonstrated that attackers don't need you to open the file. Simply generating the thumbnail of a specially crafted PDF doc can land you malware/botnet/etc infection.

I have a bunch more, but don't really have time to share. Hope this was informative.

Comment from Methesulah on 2009-03-16

2009-03-16T21:30:15Z

If you are reading this message you have become a part of my botnet.

Comment from maurice on 2009-03-16

2009-03-16T22:14:29Z

Correct title should be:
"Is your Windows PC part of a BOTNet?"

Comment from Not Ignorant on 2009-03-16

2009-03-17T01:05:50Z

Wow... a lot of Mac fans in here, and so obviously demonstrating their lack of knowledge. Yes, Windows based PCs are likely targets for attack, but it's certainly not because of a poorly constructed operating system. Microsoft used to have well over 90% of the market share for computers accessing the internet while Apple and Linux shared the remaining small percentage. Now, tell me - do you honestly think attackers aren't targeting Macs and Linux based computers because they're "too secure"? No. Not even close. They're going after the larger portion of computer owners because of the increased chance of success. Recently, the market share numbers for Microsoft have fallen into the 80% range, and guess who is starting to have more problems with attacks and viruses due to increased popularity? *GASP* Macs!! OH EM JEE EL OH ELZ kthxbai

Comment from Tracy on 2009-03-16

2009-03-17T01:58:49Z

I recommend noscript.exe this will prevent viruses from executing automated scripts. It takes a little work in the beginning, because the websites you go to all the time will set off questions from it (like yahoo.com, cnn.com, aol.com, etc) but will give you the option to always or temporarily allow all or some parts of the site. After a few days, it is set to go for most of your websurfing purposes.

Comment from deliciousbeverage on 2009-03-16

2009-03-17T02:19:32Z

Mac fans or no, the fact remains that the percentages are not in windows' users favor here.

Comment from Hieysk on 2009-03-16

2009-03-17T05:13:58Z

What a spambot does to your pc. (screenshots)

http://www.sixfiveinc.com/?p=74

Comment from Gerald Anthro on 2009-03-16

2009-03-17T05:17:58Z

YOu are not safe.
No matter what you do.

You ain't seen nothin YET.
The new WMD bot nets,

http://warintel.blogspot.com/2009/03/www-security-getting-impossible.html

Gerald Anthro

Comment from venkat on 2009-03-16

2009-03-17T05:32:28Z

Thanks for readwriteweb for this article, people who follow readwriteweb should get awareness about these bots ,every computer user shuld be aware of these things and improve his knowledge to make sure his computer should not be a victim of bots.

Comment from Lucas on 2009-03-17

2009-03-17T09:28:52Z

I recommend downloading this small executable, Fireblocker.exe from http://safeware.cz Save your money, just get this little file and it will ensure that your machine will not fall victim to botnet attacks...

Oh and remember, you haven't won anything even if they say you have. Smileys are EVIL; you don't really even want a 3D emoticon, even if its free; Don't run software keygens, deal with the screen savers you already have on your computer or go buy a boxed item at best buy. (Even then, be careful some cheap mp3 players and digital photo frames come with more than just a USB cable). just be careful out there. One last thing, DO NOT USE INTERNET EXPLORER! Go get mozilla, chrome, anything but IE.

What makes the interwebs so cool is all the people on it. So if you see something you cant live without, ask some one if they know anything about it, or go to this one site, I forget the name of it but its something like googer, or gooble or ah hell who knows, but search for it online.

Comment from mag on 2009-03-17

2009-03-17T09:29:50Z

Thanks

Comment from Rene Kriest ProBloggerWorld on 2009-03-17

2009-03-17T09:40:48Z

If someone states that any OS is secure-by-default then this is a sign that the person didn't understand the whole problem. There will always be security flaws, some by design (Win Scripting) and some by accident (Hacks).

The truth is that the Mac plainly sucks when it comes to security: http://news.cnet.com/8301-13579_3-9905095-37.html

Shall I laugh about it or shall I take an interest in this issue despite the fact that I am more prone to the Windowz world? I prefer the latter.

And BTW, Linux is safe? What exactly is Linux? Do you mean a distribution, a fork or the kernel code? Confusing? Maybe that's why so many lamp server got hacked and maybe that's why people regardless whether they refer to themselves as experts or not should have a look at securityfocus.com to debunk the secure-by-default myth.

We are in the same boat. Competition is one thing, security another. I would love to see MacOS being the #1 OS in the world. While MacOS has to struggle with worms, trojans, botnets etc. I can enjoy a secure-by-default windows - finally... ;)

Comment from Linux user on 2009-03-17

2009-03-17T13:57:00Z

First Mac users, like Jesus said, "enjoy your child-proof computer which you overpaid $700 for", second Windows users, enjoy a really high bill and being part of a botnet.

Faithfully, a Linux user, who "enjoys" neither.

Comment from Joe on 2009-03-17

2009-03-17T16:00:10Z

Thanks!

Comment from WebBanshee on 2009-03-18

2009-03-18T10:01:40Z

Hi , i am on XP and it makes it's job very well for my purpose.I agree with the taskmanager check, it is a good advice to check the network traffic in a state where no no internet using applications are running and no browser is open.

Further i am using 3rd party antivirus software, a firewall and from time to time i let spy bot scan my system.Apart from beein behind a router.

I like XP but i would not feel secure with the default windows security environment.

Comment from Thomas Whitney on 2009-03-18

2009-03-18T17:30:46Z

This site does a great job at answering the very questions raised in this post:

http://www.justaskgemalto.com/en/surfing

Comment from Jay on 2009-03-18

2009-03-18T20:20:37Z

The video from Symantec describes symptoms which parallel the normal operation of most Norton products. LOL.

Comment from watzabatza on 2009-03-22

2009-03-22T10:16:38Z

I think ESET is a good security software... What do you think guys?

Comment from Mark Markton on 2009-03-29

2009-03-29T11:30:29Z

Yet botnets are not fun. Make sure you are running a good firewall like the free comodo firewall, and a antivirus program like the free AVG, also dowload the the free spyware remover adaware and run it regularly.

And dont believe the line about Macs being safer. Macs, at this juncture are being targeted much more frequently primarily because many Mac users have been conned into thinking that the lack of popularity of their platform grants them protection, also many Mac users are perceived as being technologically gullible. If you want to go down that path of safety resulting from lack of popularity, just install Ubuntu in your system--its free and wonderful and can dual boot with Windows.

Comment from mark markton on 2009-03-29

2009-03-29T11:32:32Z

Comment from www.thegeniusfiles.com on 2009-03-29

2009-03-29T16:58:13Z

Well, sure Windows is going to be targeted more because of its market share. But seriously, is that any kind of excuse for Microsoft's extremely poor security record? MS is a very large company with a lot of resources. How is it that a whole 3rd-party industry has "of necessity" sprung up to address Windows' shortcomings?
Would you find it acceptable to buy a new car from General Motors, only to discover that brakes and door locks cost extra and are only available from a 3rd-party?
The fact is that the near-monopoly enjoyed for far too long by MS has made MS extremely, dangerously complacent. Foolishly, the US government and others have allowed this situation to continue far too long. It is a disaster in the making; perhaps intentionally so.
Bottom line is that security matters a lot more than is generally acknowledged. Since computers are such a major part of society now, security should be something taught in public schools just like basic math and literacy.

Comment from Windows Boy on 2009-04-28

2009-04-28T12:12:16Z

Using bit sense and KIS (Kaspersky Internet Security) or NOD is the best way.

Comment from MassHunter on 2009-11-01

2009-11-01T19:54:02Z

Seems that you all agree that Linux is actually safe to use. My question is how far is Linux really safe with regard to botnets? Are there really no weakness?
Because most of the big web servers are now based on Linux, are really botnet-proof???
Thx