What is a Botnet?

Category: Security

"I've read warnings about getting caught up in a botnet, but I still don't understand the danger. Can you explain in simple terms what a botnet is, and how to avoid them?"

Warning, Danger: Botnets!

Okay, here's the scoop... a botnet is a collection of ordinary home and office computers that have been compromised by rogue software. The term "botnet" is short for "robot network" and describes the situation rather well. Computers that have been caught up in a botnet have been effectively taken over, and can be used to perform almost any task by the person or persons who control the botnet. Botnets are controlled by criminals and other miscreants whose motives include selling products, operating financial scams and crippling websites through coordinated attacks.

Should you be concerned about botnets? Yes, because botnets operate silently, and your computer may be affected without you ever suspecting it. Botnets are everywhere. It is estimated that over 30 million "zombie" computers are unknowingly caught up in these networks that distribute spam, steal personal information and participate in denial of service attacks. Botnets are carefully planned to spread via viral infections and other malicious software. They use email and P2P (peer to peer) technology to spread to other computers. Once your PC is infected, it may attempt to spread the botnet code to others on a local network in a home or office setting.

Botnets are most often used to spew massive quantities of spam, which is where most of the "enhance your body part," porn offers and phishing scams come from. But since the botnet code runs with full privileges on the infected computer, it can be used to gather sensitive information from businesses, political groups or governments. Sometimes, the attacks are used to damage or take down a competitor's website by flooding it with emails or web connections. These attacks can be hard to defend against, because the attacking computers are spread all over the Internet.

Bots can also be used as agents for mass identity theft. This happens through phishing emails that appear to be from a legitimate company in order to convince the user to submit personal information and passwords. Be especially wary of emails claiming to be from eBay, PayPal, banks or the government. Never click on email links to access these sites -- always use your bookmark or key it in directly.

How to Avoid Botnets

You are most likely to get sucked into a botnet if you do these things:

Use good security practices outlined in the links above, and avoid suspicious emails, especially unexpected messages with subject tags related to holidays, celebrities or current events. Watch out for phishing scams, never click on (or buy!) anything advertised in a spam email, and when in doubt, just don't click.

How to Detect and Remove Botnet Infections

It's difficult to detect if your computer has been caught up in a botnet. If you notice that your computer is sluggish, that *may* be a sign that you are affected. (For related reading, see Make Windows XP Run Faster.) But in general, if you have been affected by a botnet, you've got some sort of malware infection. Install good anti-virus and anti-spyware software (refer to the links above), and it should detect, take care of, or prevent the problem.

Have you had experience with a botnet on your computer? Post your comments and questions below...




Posted by Bob Rankin on July 29, 2008 02:44 AM



Most recent comments on "What is a Botnet?"

Posted by:
Annie
29 Jul 2008

Dear Bob,
Your article could not have come at a better time. I have had an iMac for a few months, and need advice about setting up my spam filters. I need to do shopping on the internet i.e. Macys, etc. When I set up my spam filter according to block html images and to open them when I need to, it blocks the website images and I can't open them to do shopping. I am getting x-rated spam every day and phishing. I have AT&T and the paid version of Firefox 3. I have had some very scary experiences with my old PC with Windows and every recommended virus protection.

EDITOR'S NOTE: I would recommend that you get a Gmail account. You should even be able to forward your current email address to Gmail, and it will do a much better job of handling the spam and phishing.


Posted by:
Robert Herrick
03 Aug 2008

Lately my domain name is being used to send out apparently vast amounts of spam, as I receive the "blow-back" which can be hundreds of non-deliverable e-mail responses some days. My own computer is not the "bot" because it occurs when my computer has been turned off for a couple of days, and the modem disconnected. Is there anything to be done about it?

EDITOR'S NOTE: This happens to me all the time, for several years now. It's trivial to change the FROM name in an outgoing email, so spammers do this in hopes of deflecting the blame to innocent (and probably randomly chosen) victims. The only thing I can suggest is to filter out the bounce messages.


Posted by:
Dotan Cohen
04 Aug 2008

@Annie: There is no paid version of Firefox. I suspect that you have been ripped off. That is actually rather common.

@Herrick: You should look into SPF to protect your email address from being spoofed.

More good botnet info here:
http://what-is-what.com/what_is/botnet.html


Posted by:
Kathy Ames
06 Aug 2008

Re: Post by Robert Herrick 03 Aug 2008

This has happened to me a couple of times in recent months via my work e-mail account. I get a slew of "undeliverables" supposedly sent from my account, but only over a period of a couple of days, then things settle down. This account is actually a Gmail account, so I knew my machine was not hijacked, but I was still horrified the first time it happened and called my IT Dept immediately. They said this is a form of something called "joe jobbing" and there's not much you can do about it. Basically a spammer uses your return address for a day or so, then moves on to another return address. If you Google search "joe jobbing" you'll get the history of the term -- it's actually quite an interesting story!


Posted by:
Bruce
06 Aug 2008

I've been using the spamarrest spam filtering service (spamarrest.com) for close to a year now, and have nothing but praise for this service. Designed specifically to keep bot-generated spam from your system, it's well worth the modest subscription fee. For the record, I'm not affiliated with spamarrest in any way other than as a satisfied customer.


Posted by:
Amy B
09 Aug 2008

I get the impression from this that there's little you can do once your computer has been hijacked and placed in service as a botnet--is that correct? I do have an anti-virus program and several anti-spyware programs, but lately my computer is running slower than before, and I've wondered if I have the botnet problem. Won't anti-virus software find the problem and remove it?

Also, you say above that "your computer may be affected without you ever suspecting it." Is that even if you run an antivirus program? What makes these programs so hard to detect?

EDITOR'S NOTE: Sorry if I wasn't clear on that point... If you have a good anti-virus and anti-spyware program, it should take care of (or prevent) the problem.


Posted by:
Lisa Zimmerman
09 Aug 2008

to Annie: I use a shareware spam filter called SpamSieve on my iMac. The Mail program's spam filter is, well, really bad. I was so pleased with SpamSieve I actually PAID for it. :)

Regarding Gmail, maybe I'm just paranoid, but it IS offered by a company whose business is to collect information. I'm not sayin', I'm just sayin'.

EDITOR'S NOTE: So you trust Microsoft? If you run Windows, MS has COMPLETE control over your computer. Same with Mac OS and Apple.


Posted by:
Alexander (Sandy) Jankowski
21 Aug 2008

I've been spoiled by you, to the point I found myself looking for stuff in your article that wasn't there. To be exact, I was looking for information to at least help me determine whether a botnet was present -- if not also how to rid myself of one.

Someone I know has someone he knows whose Outlook running under Vista is behaving suspiciously: "When it first opened it was fine but after a few minutes outlook had a couple of send and receive processes going then 3 then 4 and none ever finished, also noticed that it kept trying to send 4 msgs when the outbox was empty." I was hoping to pass on more information (and look like a hero). Oh well...

EDITOR'S NOTE: I tried to clarify that in a comment, but in a nutshell, if you have been affected, you've got some sort of malware infection. Install good anti-virus and anti-spyware software, and it should detect, take care of, or prevent the problem.


Posted by:
Jerry
30 Aug 2008

My XP laptop has become very lethargic, most of the time. Have done the "Making XP Run Faster" stuff. Am running AVG antivirus, Counter Spy, SPF, RegCure, doing defrags, Disk Cleanup.

When I watch Windows Task Manager, it seems the CPU is very busy, but I get very few cycles. On initial boot, CPU stays low, but then picks up to near 100%. I've heard of "worms" that embed in System Restore, so that they restart each time the system boots. Ideas, other than buying another machine? I must do something!

EDITOR'S NOTE: When you look at Task Mgr, what process is consuming the CPU?


Posted by:
Jerry
02 Sep 2008

Re: Post 30 Aug. Monitor_DL.exe, firefox.exe even though there is no apparent activity, explorer.exe, taskmgr.exe about 10%. About 52 processes running. Where can I learn what each of the processes is doing? Most are at 0.

EDITOR'S NOTE: The best way is to type the name of the process into Google, and see if it's a known malware threat.


Copyright © 2005 - Bob Rankin - All Rights Reserved