The recent Mariposa scam which revealed the compromising of 12.7 million computers shows the extent and severity of botnet problem. Mariposa is only one of them; there are many more such botnets like conficker, kraken, srizbi, Zeus, Zdbot, etc which have compromised millions of computers that are connected to internet today. And these in turn are actively trying to infect more and more computers every day. An article from BBC saying that up to a quarter of PCs connected online are part of botnets, tells us how grave the situation is.
Basics about Bots and Botnets
The term bot is related to the word robot. A computer system is first infected by a Trojan virus or any such malware; then the hackers, who are creators of this malware, take over the controls of the system and remotely operate it for their use. Since, the infected computers are obeying the controls of the hacker, these are also called bots or zombies.
A single bot is of not much use to the hacker. Thus, he first tries to increase the number of zombies by spreading the malware via the infected PC. Thus, the network of bots increases and forms a botnet. A typical botnet contains a few hundreds or a couple thousands of computers. However, there are a few botnets that contain millions of infected PCs. All of them serving to the key master – the creator of the botnet.
How/where are they used?
The primary risk of having/using a PC-turned-bot is putting all your credible information (like bank accounts, credit card numbers, passwords, financial information or any such sensitive data) available for the hacker to exploit. Bots also send spam, viruses, spyware to other computers on internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.
Botnets are also used to perform other tasks online like creating email spam, clickfraud, spamdexing, launching of denial-of-service (DoS) attacks, fast flux, access number replacements, etc.
How to check if your PC is a part of botnet
Your PC Internet connection – turning inexplicably slow either while browsing or while checking mails can be a symptom of botnet infection. The malware used in botnet infection are specially designed to hide themselves even during carrying out the automated processes. Thus, it is hard to trace them down sometimes even with an antivirus installed in your PC. However, Prevx suggests a small technique using which you can check if your PC is part of a botnet follow when your internet becomes slow. The process is as follows:
- Close all your browsers and email software (like Thunderbird, Outlook, etc)
- Open Task Manager: Press CTRL+ALT+DEL at a time and then select Task manager from the Window.
- Open Networking tab and observe the graph or Network Utilization percentage below the graph. If it is showing more than usual percentage, then it might indicate that your PC is infected.
If the above is true in your case, the next steps to do will be:
- Immediately pull off from the internet by disconnecting the LAN cable.
- Use a rescue disk (like Norton antivirus rescue disk) and scan your computer thoroughly.
- Replace your antivirus immediately with a superior one and run thorough scan (because it is already proved that the existing one is ineffective).
- Reconnect PC to the internet and update your MS Windows, antivirus database, browser, adobe reader, and other vulnerable applications that are installed on your PC.