As the rest of the country celebrated Independence Day, U.S. government websites fell prey to compromised computers. Those of the White House and the Federal Trade Commission were affected as the botnet tried to restrict access to their sites. This came as a reminder that the problem of botnets is still with us.
What are Botnets?
These are rogue networks that are made up of “ghost” networks. A bot gets into your machine when you visit a website and download code masked as a video, when you visit an infected site, or when some other form of malware or virus enters your system. Once in your system, it seeks instructions from its command-and-control (CnC) server. Unlike traditional viruses that just install a keylogger or steal passwords, a bot works together with other infected systems, as if they were one large system.
Business boom for Spammers
The current trend is to pay for botnets to get a message across to many people, in the thousands, at once. One of the big spammers at the moment is Canadian pharmaceutical spam, which is taking spamming to a whole new level. Other possible uses include attacks that are orchestrated to bring down commercial websites. Another booming business is fast flux, which keeps phishing websites active while changing their domains. Botnets provide the stage for this. According to Kaspersky, the huge internet security firm, botnet owners charge huge amounts of money to provide this service.
ShadowServer Foundation, a group that specializes in giving information about botnets, has reported a growth of botnets from 1500 to 3000 networks in just two years. The extent of the infection is unknown, since each of these networks has multiple compromised PCs, which individually may have infected a whole lot more.
Plainly, the homes of these botnets are in the United States and in China. This is according to Arbor Networks security manager Jose Nazario. He added, “Most PC users assume that they are part of a botnet, and I think it’s very safe. The internet is very dangerous for most people.”
How do I know my PC is infected?
A botnet's life depends on its communications with its CnC servers, communications that are an indication of how large the botnet is. Moreover, a surge of communications in and out of your PC will help your antimalware detect bots. Nazario went on to say:
“Lack of antivirus alerts, however, is not an indication of a bot free PC. It is close to impossible for antivirus software to keep up with the increasing number of threats. It is sad that better solutions for home users do not exist.”
Your PC antivirus check may come out clean but still, beware! Microsoft has provided users with a free Malicious Software Removal Tool. A version of the tool is updated monthly. It runs a background check and sends a report to Microsoft in case of an infection. The version is available from both Windows Update and Microsoft Update. Another version is the Malicious Software Removal Tool, which you can get from Microsoft’s site. You can run this software whenever you notice anything bizarre with your PC. This software has brought some recognizable results. In September 2007 alone, when it was introduced to detect the Storm bot, it reduced the Storm botnet by a whole 20% overnight. Since then, Microsoft has added to this with other tools such as Conficker and Srizbi.
BotHunter (from SRI) is another free program, compatible with Mac OS, Windows XP, Linux, Unix and Windows Vista. It is designed for networks but can also work with PCs. This software listens to your machine’s internet traffic and keeps a log of the communication that occurs when your PC is infected with malware. In order to improve its definitions, it sends out messages to the SRI International database. Among the culprits that have been apprehended by BotHunter is Conficker, back in 2008. It did this long before this botnet was picked up by other security vendors.
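The surge of communications described above can be looked for in an ordinary connection log. The following is an added example, not part of the original article and not how BotHunter or any antimalware product works; the log format, addresses, window size and threshold are constructed assumptions.

```python
from collections import Counter
from statistics import median


def build_sample():
    """Constructed log: (epoch_seconds, destination) per outbound connection.

    Minutes 0-9 and 11 are ordinary use (3-5 connections per minute);
    minute 10 is a burst of 40 connections to a single host.
    """
    rows = []
    for m in range(12):
        n = 40 if m == 10 else 3 + m % 3
        dst = "203.0.113.7" if m == 10 else "192.0.2.%d" % (10 + m % 2)
        rows += [(m * 60 + i, dst) for i in range(n)]
    return rows


def find_surges(rows, bucket=60, history=8, k=5.0):
    """Return [(bucket_start, count, top_destination)] for every time bucket
    whose connection count exceeds median + k * MAD of the preceding
    `history` buckets. Median and MAD are used so that one earlier burst
    does not inflate the baseline for the buckets that follow it.
    """
    counts = Counter()
    dests = {}
    for ts, dst in rows:
        b = ts // bucket
        counts[b] += 1
        dests.setdefault(b, Counter())[dst] += 1
    first, last = min(counts), max(counts)
    surges = []
    for b in range(first + history, last + 1):
        prev = [counts.get(p, 0) for p in range(b - history, b)]
        med = median(prev)
        # Floor the spread at 1 so a perfectly flat baseline still works.
        mad = median(abs(c - med) for c in prev) or 1.0
        if counts.get(b, 0) > med + k * mad:
            top = dests[b].most_common(1)[0][0]
            surges.append((b * bucket, counts[b], top))
    return surges


if __name__ == "__main__":
    for start, count, top in find_surges(build_sample()):
        print("surge at t=%ds: %d connections, mostly to %s" % (start, count, top))
```

A bot that keeps its traffic low stays under a threshold like this, which matches Nazario's point that a lack of alerts does not mean a clean PC.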
Next Generation Botnets
In a bid to prove their resilience, botnets have, in the recent past, infested cell phones too. Sexy View SMS malware has invaded the Symbian mobile OS, according to Trend Micro. This bot can contact a CnC server, retrieving spam SMS templates. A mobile botnet may seem different from a computer botnet. However, in a time not far from now, infected cell phones will be viable.
However much we try to eliminate this problem, we just might not be able to completely eradicate it. The only thing we can do is try to manage the infestations. As we wait, let us keep cleaning the infested systems.