Avoiding the Botnet Snare
Category:Information Security,Infosec Communicator,Uncategorized“Why would anyone attack my computer? I don’t have anything of value on it.”
Is this your mindset? Although the goal of many attacks may be identity theft or financial gain, there are other reasons for someone to attack your computer.
Of the many types of malware (malicious software) attacks, one of the most serious is someone installing remote control software that allows them to install and run automated programs, making your computer into a bot or zombie computer. Your computer then becomes part of a bot network controlled by a bot herder. The bot herder will use your computer to conduct distributed-denial-of-service (DDoS) attacks, send spam and phishing email, and attack other computers.
Trends
Several years ago, 2006 was described unofficially as the “Year of the Bot.” Millions of computers were members of botnets—4.7 million according to the 2006 Symantec Internet Threat Report. Other estimates ranged as high as 7% of all computers (approx. 47 million.) Typically, bot networks may contain as many as 80,000 computers. (There were even reports of a Dutch botnet of 1.5 million computers!) The problem is not any better today.
How does it work?
Although bot methodology is evolving, the classic bot scenario is shown below:
Image via Wikipedia
IRC (Internet Relay Chat) has been the classic means of communications in bot networks. In this type of network, it is easier to shutdown the bot controller because communications would be easier to track back to their source. Most recently, there are examples of bots using P2P (peer-to-peer) communications—“bots talking to bots.” This creates a decentralized structure which is much harder to shutdown.
How do I know if my computer is part of a bot network?
Unfortunately, there is no easy way to tell. You may notice unusual activity if you leave your computer on, you may be contacted by your Internet service provider (ISP), or you may find that your computer is quarantined/blocked from the campus network. If you are following the requirements of the Desktop Standard and you have run a virus scan and a spyware scan with no reported infections, it is likely that your computer is not part of a botnet. Follow the steps below to make sure you don’t become part of a botnet.
Protection
The key to preventing your computer from becoming a bot is to use a combination of technical and process protections. You’ll need to make sure you’ve got the right software enabled and you may need to change the account you use to check email or browse the Internet.
Protecting Yourself from Bots
If you’re running Windows XP or older, don’t use your administrative account for daily activities, use a “limited” account instead. A limited user account doesn’t allow the user to install software or make system configuration changes. If you browse the web using a limited user account and accidentally visit a malicious web site, normally, no software can be installed without your permission because your user account is not capable of installing software.
Create defense in depth to protect your computer against a variety of attacks. Install antivirus software, keep it up to date, and set up regular system scans. Make sure the Operating System (Windows, Macintosh, Linux, etc.) is up to date with its patches and has auto-update turned on. Way back in 2006, the average time between the discovery of a vulnerability and the availability of instructions to exploit was less than seven days.
Use a personal firewall. Firewalls protect you from outside intruders and also can prevent programs on your computer from inappropriately connecting to the Internet For Windows computers, check the list at https://personal-firewall-software-review.toptenreviews.com/. Macintosh users can use the built-in firewall in the OS, but make sure it’s enabled. Linux users should choose an appropriate firewall. A hardware firewall can also be used to protect desktop computers.
Use anti-spyware (where available). Spyware sends personal information to other people without your knowledge. For Windows, Spybot Search & Destroy (www.safer-networking.org) and Ad‑Aware (www.lavasoft.de) (free for personal use only) have been traditional choices. You may find that it is best to use more than one product, but be sure to read any information about compatibility with other software. Check out the reviews at https://anti-spyware-review.toptenreviews.com/ for some suggestions. (Be careful of downloading other anti‑spyware products. Some of them actually install spyware on your computer.) Researchers have estimated that as many as 89 percent of home computers are infected with multiple instances of spyware, averaging about 30 spyware components each.
Related articles
- FBI Pulls the Plug on Coreflood Botnet (pcworld.com)
- Busting the Botnets (technologyreview.com)
- Is Your Computer System a Zombie for a Botnet Spreading Cybercrime? (pctechmojo.com)
- Worse than Zombies: The Mobile Botnets are Coming (businessinsider.com)
- New Zeus P2P bots: anonymous cyber-crime ready for mass market (arstechnica.com)
