What Bots Can Do?

Posted: December 8, 2011 in BotNets, IT Security

How to better protect your PC with botnet protection and avoid malware 

Cybercriminals work tirelessly to enlist your computer in their network of computers known as a botnet, which they then use to commit crimes. Find out more about botnets, botnet protection, and how you can help protect your PC against these attackers.

What is a botnet?

The term bot is short for robot. Criminals distribute malware (malicious software) that can turn your computer into a bot, also called a zombie. When this occurs, your computer can perform automated tasks over the Internet without your knowledge.

Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Botnets can be used to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, it might slow down and you might be inadvertently helping criminals.

Bots are highly specialized tools that can perform multiple tasks for their masters. However, they all share a common set of essential features. These features may go by different names in different bots, but they ultimately have the same destructive potential.

One of the most important functions built into a bot is the update feature: the bot is able to download and execute a specific file located on a remote server in order to replace its own code with a more efficient and effective version. However, unlike commercial software updaters that automatically check for newer versions at startup, a bot update is only initiated when the botmaster commands it across the compromised network. The update feature is also widely used to run a further batch of malware applications on the host computer (including viruses, Trojans or worms).

Flood (also known as Denial of Service or Distributed Denial of Service) is another important feature built into any malicious bot. DoS attacks are designed to hinder or stop the normal functioning of a web site, server or other network resource by flooding it with more network traffic than it is able to handle. DDoS attacks are similar to DoS attacks, except that they are carried out using multiple compromised machines at the same time. This allows the bots to send bogus requests to a specific Internet address in order to overload it beyond the point of normal functioning. A flood attack can easily render a server useless, taking it out of production for an undetermined amount of time. This kind of attack is usually used as a blackmail tool, as we will discuss later.

Spamming is another popular use of bots. This functionality allows the bot to download a spam message template and then start sending it to the e-mail addresses on a spam list. In order to maximize efficiency, each bot is assigned a different e-mail list, or at least a different range of addresses.

Many existing bots also include a proxy server that allows remote attackers to connect to the Internet using the compromised machine's IP address. This function is one of the core components of any "respectable" bot rather than a disposable plugin. Botmasters usually conceal their illegal activities by routing them through one of the zombie computers acting as a proxy server.

One of the best known examples of PC exploitation was the case of Magnus Eriksson, a law professor at Lund University, whose computer had been used by third parties to download and store 3,500 pictures of child pornography. He was fired and discredited, and he nearly lost his mind until 2004, when the authorities figured out that the pictures had been planted by remote hackers. However, the confusion was cleared up too late, and the damage to his name was beyond repair.

Other, lesser additions to a bot's code include features such as taking screenshots, key-logging or fetching the network activity log file from the compromised machine. Many bots can also harvest the serial numbers used to register a wide range of software applications on the compromised computer. The serial numbers are then used on websites that sell "genuine" software at very low prices. Such websites are usually promoted via spam messages, which means that the entire business runs "in the family": the same botnet is responsible both for collecting the serial numbers and for spamming users with advertisements promoting those websites.
How to tell if your computer is infected with malware

It’s not always easy to tell if your computer has been infected with malware. If it is unusually slow, crashes or stops responding frequently, for example, these problems might be signs that your computer has been infected. However, the same problems might also point to hardware or software issues that have nothing to do with malware. Because it’s difficult to tell the reasons for your computer’s unusual behavior, we suggest that you follow these steps:

  1. Get a more complete list of symptoms.
  2. If, based on the complete list of symptoms, you think your computer has been infected, let Microsoft help you diagnose the problem and solve it.

How to help avoid malware

Cybercriminals use two basic strategies to penetrate your computer’s defenses and enlist computers in their botnets:

  • They install malware on a computer by taking advantage of unintended vulnerabilities in its software or by breaking into accounts guarded by weak passwords.
  • They try to trick you into installing their malware.

To help secure your computer against bots, follow the advice below. For specific how-to info, see How to boost your malware defense and protect your PC.

Strengthen your computer’s defenses

  1. Install antivirus and antispyware programs from a trusted source. Anti-malware programs scan and monitor your computer for known viruses and spyware. When they find something, they warn you and help you take action.
  2. Keep all software up to date. Regularly install updates for all your software and subscribe to automatic updates wherever possible.
  3. Use strong passwords and keep them secret. Use our password checker to determine the strength of your password.
  4. Never turn off your firewall. A firewall puts a protective barrier between your computer and the Internet. Turning it off for even a minute increases the risk that your PC will be infected with malware.
  5. Use flash drives cautiously. Putting your flash drive (sometimes called a thumb drive) in a computer that is infected could corrupt the drive, and ultimately your computer.
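Items 1, 2 and 4 above can be verified from the operating system itself. The following read-only posture check is an added example, not part of the original post and not a Microsoft tool; it assumes Windows 8 / Server 2012 or later with the built-in Defender and NetSecurity PowerShell modules available.

```powershell
# Added example: report anti-malware, update and firewall posture on a Windows host.
# Assumes Windows 8 / Server 2012+ (Get-MpComputerStatus, Get-NetFirewallProfile).
$findings = @()

# 1. Anti-malware: real-time monitoring on and signatures reasonably fresh.
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($null -eq $mp) {
    $findings += 'Defender status unavailable; confirm another anti-malware product is installed and active.'
} else {
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is OFF.' }
    if ($mp.AntivirusSignatureLastUpdated) {
        $sigAge = (Get-Date) - $mp.AntivirusSignatureLastUpdated
        if ($sigAge.TotalDays -gt 3) { $findings += "Antivirus signatures are $([int]$sigAge.TotalDays) days old." }
    }
}

# 2. Updates: list updates that are applicable but not yet installed (Windows Update COM API).
try {
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $pending  = $searcher.Search('IsInstalled=0 and IsHidden=0').Updates
    if ($pending.Count -gt 0) { $findings += "$($pending.Count) update(s) pending installation." }
} catch {
    $findings += "Could not query Windows Update: $($_.Exception.Message)"
}

# 4. Firewall: every profile (Domain, Private, Public) must be enabled.
Get-NetFirewallProfile | ForEach-Object {
    if ($_.Enabled -ne 'True') { $findings += "Firewall profile '$($_.Name)' is disabled." }
}

if ($findings.Count -eq 0) { 'No issues found.' } else { $findings }
```

Run it from an elevated PowerShell prompt; the update search needs network access to the update source and may take a minute.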

Do not be tricked into downloading malware

Attackers can enlist your computer in a botnet by:

  • Delivering malware in downloads that you think are pictures or movies, or through links that you click in email or instant messages (IM), or on a social network.
  • Scaring you into clicking a button or link they supply with fake warnings that your computer has a virus.