ReadWriteWeb

Is Your PC Part of a Botnet?

Written by Lidija Davis / March 15, 2009 8:04 PM / 31 Comments

Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder, the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that you can do about it?

According to a report today from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.

The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you're into identity theft.

"One Southern California 22-year-old could be seen registering a domain name with
GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet," the AP notes.

But it wasn't just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn't been notified by the bank.

Determine whether your PC is part of a botnet

So how can you tell if your machine is part of a botnet, and what can you do about it?

Statistically, Macs are safe from botnets, although not completely immune to all threats, as we noted here. But if you have a Windows-based machine, Prevx suggests you stay on the lookout for an Internet connection that seems inexplicably slow when you are online, as it may be that a botnet infection is using your connection to send or receive data.

"If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager," the company wrote on its blog recently. "When Task manager opens click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge."

Prevx also recommends downloading and running an alternative security product if you are suspicious. "If your PC is infected then it is almost certain that your existing security product has already let you down."
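
The idle-connection check Prevx describes, scripted as an added example (not from the article or from Prevx): it samples adapter throughput while the machine should be quiet, then lists which processes own the established connections, which Task Manager's Network tab does not show. The 30-second window and 50 KB/s ceiling are assumed values, and the counter path assumes an English-language Windows install.

```powershell
# Added example: scripted form of the idle-network check described above.
# Close browsers and mail clients first. Needs Windows 8 / Server 2012 or later
# for Get-NetTCPConnection; run elevated to see paths of other users' processes.

$SampleSeconds  = 30      # assumed observation window
$BytesPerSecMax = 50KB    # assumed ceiling for an idle machine, tune per host
$Counter        = '\Network Interface(*)\Bytes Total/sec'   # English counter name

# 1. Sample every adapter once per second and average the result.
$samples = Get-Counter -Counter $Counter -SampleInterval 1 -MaxSamples $SampleSeconds
$samples.CounterSamples |
    Group-Object InstanceName |
    ForEach-Object {
        $avg = ($_.Group | Measure-Object CookedValue -Average).Average
        [pscustomobject]@{
            Adapter     = $_.Name
            AvgBytesSec = [math]::Round($avg)
            AboveLimit  = $avg -gt $BytesPerSecMax
        }
    } | Format-Table -AutoSize

# 2. Attribute established, non-loopback TCP connections to their owning process.
$connections = Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
            ProcId  = $_.OwningProcess
            Path    = if ($proc) { $proc.Path } else { $null }
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
        }
    }

# 3. Processes holding the most outbound connections sort to the top.
$connections |
    Group-Object Process, ProcId, Path |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize -Wrap
```

An adapter flagged `AboveLimit` on a machine with nothing open, together with an unfamiliar process path holding many remote connections, is the same "further evidence" the Task Manager check looks for, with the responsible process named.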

Some of the free tools available include RUBotted (Beta) from Trend Micro, BotHunter from SRI International, or try an online virus scan with the Windows Live OneCare safety scanner.

For a primer on botnets, take a look at this short video from Symantec.


Comments


  1. As long as you visit trusted websites, don't open email attachments, don't download illegal content, don't install random apps from all over the place, run anti-virus, a firewall, and anti-spyware apps you should be fine. Or you could run OS X or Linux.

    Posted by: Michael | March 16, 2009 12:08 AM



  2. Running OS X or Linux would be my choice. OS X is a no-brainer compared to anything Windoze.

    Posted by: Rex | March 16, 2009 6:25 AM



  3. What security software do you recommend? I'm on Windows 7 and I find that I lag for 3-5 minutes spontaneously throughout the day.

    Posted by: Albert Ng | March 16, 2009 9:14 AM



  4. Rex, enjoy your child-proof computer which you overpaid $700 for.

    Posted by: Jesus | March 16, 2009 1:10 PM



  5. Enjoy your botnet host you saved $700 for, and then give it free bandwidth to with your $600 per year cable bill.

    Posted by: Moses | March 16, 2009 1:52 PM



  6. Michael, you are so wrong. The latest way to distribute malware is from Flash banner ads, and they do a great job.

    Posted by: Don | March 16, 2009 2:02 PM



  7. Quoting Michael: "As long as you visit trusted websites, don't open email attachments, don't download illegal content, don't install random apps from all over the place, run anti-virus, a firewall, and anti-spyware apps you should be fine. Or you could run OS X or Linux."

    Myth #1 -- Trusted Sites Can Do No Harm
    This advice was all well and good 5 years ago, but today it really isn't true. Fact of the matter is that many 'trusted websites' have been the attack vector for botnet infection. Newer worms and botnets (like ASProx for example) use SQL injection attacks to compromise legitimate sites and install malicious content. For a couple hundred bucks, anyone can buy a custom made attack kit (mpack is a big one) that attempts to detect and exploit the UA.

    Myth #2 -- I'm Safe If I Don't Open Attachments
    Recent 'in the wild' exploitation of Adobe PDF vulnerabilities has demonstrated that attackers don't need you to open the file. Simply generating the thumbnail of a specially crafted PDF doc can land you malware/botnet/etc infection.

    I have a bunch more, but don't really have time to share. Hope this was informative.

    Posted by: Craig | March 16, 2009 2:29 PM



  8. If you are reading this message you have become a part of my botnet.

    Posted by: Methesulah | March 16, 2009 2:30 PM



  9. Correct title should be:
    "Is your Windows PC part of a BOTNet?"

    Posted by: maurice | March 16, 2009 3:14 PM



  10. Wow... a lot of Mac fans in here, and so obviously demonstrating their lack of knowledge. Yes, Windows based PCs are likely targets for attack, but it's certainly not because of a poorly constructed operating system. Microsoft used to have well over 90% of the market share for computers accessing the internet while Apple and Linux shared the remaining small percentage. Now, tell me - do you honestly think attackers aren't targeting Macs and Linux based computers because they're "too secure"? No. Not even close. They're going after the larger portion of computer owners because of the increased chance of success. Recently, the market share numbers for Microsoft have fallen into the 80% range, and guess who is starting to have more problems with attacks and viruses due to increased popularity? *GASP* Macs!! OH EM JEE EL OH ELZ kthxbai

    Posted by: Not Ignorant | March 16, 2009 6:05 PM



  11. I recommend noscript.exe; this will prevent viruses from executing automated scripts. It takes a little work in the beginning, because the websites you go to all the time will set off questions from it (like yahoo.com, cnn.com, aol.com, etc.) but will give you the option to always or temporarily allow all or some parts of the site. After a few days, it is set to go for most of your websurfing purposes.

    Posted by: Tracy | March 16, 2009 6:58 PM



  12. Mac fans or no, the fact remains that the percentages are not in Windows users' favor here.

    Posted by: deliciousbeverage | March 16, 2009 7:19 PM



  13. What a spambot does to your pc. (screenshots)

    http://www.sixfiveinc.com/?p=74

    Posted by: Hieysk | March 16, 2009 10:13 PM



  14. You are not safe.
    No matter what you do.

    You ain't seen nothin YET.
    The new WMD bot nets,

    http://warintel.blogspot.com/2009/03/www-security-getting-impossible.html

    Gerald Anthro

    Posted by: Gerald Anthro | March 16, 2009 10:17 PM



  15. Thanks to ReadWriteWeb for this article. People who follow ReadWriteWeb should get awareness about these bots; every computer user should be aware of these things and improve his knowledge to make sure his computer should not be a victim of bots.

    Posted by: venkat | March 16, 2009 10:32 PM



  16. I recommend downloading this small executable, Fireblocker.exe from http://safeware.cz Save your money, just get this little file and it will ensure that your machine will not fall victim to botnet attacks...

    Oh and remember, you haven't won anything even if they say you have. Smileys are EVIL; you don't really even want a 3D emoticon, even if it's free; don't run software keygens, deal with the screen savers you already have on your computer or go buy a boxed item at Best Buy. (Even then, be careful: some cheap mp3 players and digital photo frames come with more than just a USB cable.) Just be careful out there. One last thing, DO NOT USE INTERNET EXPLORER! Go get Mozilla, Chrome, anything but IE.

    What makes the interwebs so cool is all the people on it. So if you see something you can't live without, ask someone if they know anything about it, or go to this one site, I forget the name of it but it's something like googer, or gooble or ah hell who knows, but search for it online.

    Posted by: Lucas | March 17, 2009 2:28 AM



  17. Thanks


    Posted by: mag | March 17, 2009 2:29 AM



  18. If someone states that any OS is secure-by-default then this is a sign that the person didn't understand the whole problem. There will always be security flaws, some by design (Win Scripting) and some by accident (Hacks).

    The truth is that the Mac plainly sucks when it comes to security: http://news.cnet.com/8301-13579_3-9905095-37.html

    Shall I laugh about it or shall I take an interest in this issue despite the fact that I am more prone to the Windowz world? I prefer the latter.

    And BTW, Linux is safe? What exactly is Linux? Do you mean a distribution, a fork or the kernel code? Confusing? Maybe that's why so many LAMP servers got hacked, and maybe that's why people, regardless of whether they refer to themselves as experts or not, should have a look at securityfocus.com to debunk the secure-by-default myth.

    We are in the same boat. Competition is one thing, security another. I would love to see MacOS being the #1 OS in the world. While MacOS has to struggle with worms, trojans, botnets etc. I can enjoy a secure-by-default windows - finally... ;)

    Posted by: Rene Kriest ProBloggerWorld | March 17, 2009 2:40 AM



  19. First Mac users, like Jesus said, "enjoy your child-proof computer which you overpaid $700 for", second Windows users, enjoy a really high bill and being part of a botnet.

    Faithfully, a Linux user, who "enjoys" neither.

    Posted by: Linux user | March 17, 2009 6:57 AM



  20. Thanks!

    Posted by: Joe | March 17, 2009 9:00 AM



  21. Hi, I am on XP and it does its job very well for my purpose. I agree with the Task Manager check; it is good advice to check the network traffic in a state where no Internet-using applications are running and no browser is open.

    Further, I am using 3rd-party antivirus software and a firewall, and from time to time I let Spybot scan my system, apart from being behind a router.

    I like XP but I would not feel secure with the default Windows security environment.

    Posted by: WebBanshee | March 18, 2009 3:01 AM



  22. This site does a great job at answering the very questions raised in this post:

    http://www.justaskgemalto.com/en/surfing

    Posted by: Thomas Whitney | March 18, 2009 10:30 AM



  23. The video from Symantec describes symptoms which parallel the normal operation of most Norton products. LOL.

    Posted by: Jay | March 18, 2009 1:20 PM



  24. I think ESET is a good security software... What do you think guys?

    Posted by: watzabatza | March 22, 2009 3:16 AM



  25. Yet botnets are not fun. Make sure you are running a good firewall like the free Comodo firewall, and an antivirus program like the free AVG; also download the free spyware remover Ad-Aware and run it regularly.

    And don't believe the line about Macs being safer. Macs, at this juncture, are being targeted much more frequently, primarily because many Mac users have been conned into thinking that the lack of popularity of their platform grants them protection; also many Mac users are perceived as being technologically gullible. If you want to go down that path of safety resulting from lack of popularity, just install Ubuntu in your system--it's free and wonderful and can dual boot with Windows.


    Posted by: Mark Markton | March 29, 2009 4:30 AM



  27. Well, sure Windows is going to be targeted more because of its market share. But seriously, is that any kind of excuse for Microsoft's extremely poor security record? MS is a very large company with a lot of resources. How is it that a whole 3rd-party industry has "of necessity" sprung up to address Windows' shortcomings?
    Would you find it acceptable to buy a new car from General Motors, only to discover that brakes and door locks cost extra and are only available from a 3rd-party?
    The fact is that the near-monopoly enjoyed for far too long by MS has made MS extremely, dangerously complacent. Foolishly, the US government and others have allowed this situation to continue far too long. It is a disaster in the making; perhaps intentionally so.
    Bottom line is that security matters a lot more than is generally acknowledged. Since computers are such a major part of society now, security should be something taught in public schools just like basic math and literacy.

    Posted by: www.thegeniusfiles.com | March 29, 2009 9:58 AM



  28. Using bit sense and KIS (Kaspersky Internet Security) or NOD is the best way.

    Posted by: Windows Boy | April 28, 2009 5:12 AM



  29. Seems that you all agree that Linux is actually safe to use. My question is how far is Linux really safe with regard to botnets? Are there really no weaknesses?
    Because most of the big web servers are now based on Linux, are they really botnet-proof???
    Thx

    Posted by: MassHunter | November 1, 2009 11:54 AM



  30. I will definitely spread the word, my friends who are more into this thing would love this, thanks for the post.

    Posted by: tumm | November 29, 2009 6:21 PM



  31. I just saw a special on the BBC where they showed how a simple trojan can hijack your entire computer. With the single piece of malware they were able to not only track all activity of the computer - including logging all keystrokes - they were even able to take over the user's webcam and watch AND listen to his phone conversations and everything else. This not only illustrated the power of a basic trojan, but highlighted the need for even some basic data protection, which would have stopped this trojan in its tracks.

    Posted by: Mitch | December 18, 2009 12:06 PM


