BOTNET ATTACKS: Are You Vulnerable?
How easy is it to take over hundreds of thousands of computers, and enslave them in a botnet that could be used by hackers for malicious purposes? Not so hard, it turns out. The shocking truth is that the tools to create and operate botnets are cheap and readily available to malevolent miscreants. Read on to learn how to detect and defend against botnets, and some really good news about “Operation Avalanche” ...
What is a Botnet?
Perhaps you've read warnings about your computer getting caught up in a botnet, but you don't really understand the danger. I'll explain in simple terms what a botnet is, how it can affect your computer, and how to avoid getting caught up in one.
A botnet is a collection of ordinary home and office computers that have been compromised by rogue software. The term "botnet" is short for "robot network" and describes the situation rather well. Computers that have been caught up in a botnet have been effectively taken over, and can be used to perform almost any task by the person or persons who control the botnet. Botnets are controlled by cyber-criminals whose motives include selling products, operating financial scams and crippling websites through coordinated attacks.
Should you be concerned about botnets? Yes, because botnets operate silently, and your computer may be affected without you ever suspecting it. Botnets are everywhere. It is estimated that over 30 million "zombie" computers are unknowingly caught up in these networks that distribute spam, steal personal information and participate in denial of service attacks.
Botnets are carefully planned to spread via viral infections and other malicious software. They use email, social engineering, P2P (peer to peer) networks, and other techniques to spread to other computers. Once your PC is infected, it may attempt to spread the botnet code to others on a local network in a home or office setting.
In the past, botnets were most often used to spew massive quantities of spam, which is where most of the "enhance your body part" offers and phishing scams come from. More sophisticated botnet attacks can be used to gather sensitive information from businesses, political groups or governments. Recently, botnets have been used to harness the power of thousands of networked devices in distributed denial of service (DDoS) attacks that can cripple a target website for days, just by flooding it with meaningless requests. My recent article Attacking the Internet is Now Child’s Play describes how journalist Brian Krebs' website was taken offline by the Mirai botnet.
These attacks can be hard to defend against, because the attackers (which can be computers, webcams, DVRs, or even baby monitors) are spread all over the Internet. And when an "attacker" is identified, it's just some guy in Podunk who failed to secure his gadget with a password, and had no idea he was involved in a global crime spree.
Bots can also be used as agents for mass identity theft. This happens through phishing emails that appear to be from a legitimate company in order to convince the user to submit personal information and passwords. Be especially wary of emails claiming to be from eBay, PayPal, banks or the government. Never click on email links to access these sites -- always use your bookmark or key it in directly.
The Good Guys Are Gaining
Fortunately, in the past few years, law enforcement and computer security companies have had some success in tracking down and neutralizing some of the most notorious botnets. In March 2010, the FBI and authorities in Spain busted the Mariposa botnet (over 12 million computers) and arrested the people behind it. In 2011, Microsoft and Kaspersky combined to neutralize the Rustock and Kelihos botnets. In 2012, the Grum botnet, which was spewing 18 billion spam messages a day, was taken down. In 2013, Microsoft and Symantec teamed up to defeat the Bamital botnet, which was hijacking the web searches of over 8 million users.
Most recently, one of the largest and most notorious botnets was busted through the cooperation of cybersecurity experts and law-enforcement authorities in 30 countries. Over 800,000 internet domains associated with the botnet have been taken offline in “Operation Avalanche.” This botnet was used to launch global malware attacks by sending over a million malicious emails every week, for at least four years. In Germany alone, authorities say there were millions of computers infected. The Avalanche botnet was able to steal email and online banking credentials, and could transfer money from the victims’ accounts.
How to Avoid Botnets
You are most likely to get sucked into a botnet if you do these things:
- Fail to secure your router and wifi with a unique username and password. (See my Wireless Network Security Checklist for details.)
- Fail to secure your software. (See Computer Security: The Missing Link)
- Click on dubious links in spam emails or shady websites
Use good security practices outlined in the links above, and avoid suspicious emails, especially unexpected messages with subject tags related to holidays, celebrities or current events. Watch out for phishing scams, never click on (or buy!) anything advertised in a spam email, and when in doubt, just don't click.
How to Detect and Remove Botnet Infections
It's difficult to detect if your computer has been caught up in a botnet, because the software that's implanted is designed to operate in stealth mode. If you notice that your computer is sluggish, that *may* be a sign that you are affected. But in general, if you have been affected by a botnet, you've got some sort of malware infection. Install good anti-virus and anti-spyware software (refer to the links above), and it should detect, take care of, or prevent the problem. For extra peace of mind, try the Norton Power Eraser, which specializes in rooting out difficult-to-detect crimeware that other antivirus tools may not detect.
Have you had experience with a botnet on your computer? Post your comments and questions below...
This article was posted by Bob Rankin on 6 Dec 2016
Article information: AskBobRankin -- BOTNET ATTACKS: Are You Vulnerable? (Posted: 6 Dec 2016)
Source: https://askbobrankin.com/botnet_attacks_are_you_vulnerable.html
Copyright © 2005 - Bob Rankin - All Rights Reserved
Most recent comments on "BOTNET ATTACKS: Are You Vulnerable?"
Posted by:
Jim
06 Dec 2016
Would the free versions of Malwarebytes and Spybot remove a botnet infection?
Posted by:
Robert K
06 Dec 2016
Bob,
Thank you for another great helpful article. Regarding Norton Power Eraser, I've had Norton antivirus once, and it placed its tentacles everywhere on my hard drive. I was never able to get rid of all of it. Since that time, I have not gone near anything with a Norton name.
Posted by:
Bob Stromberg
06 Dec 2016
Hi,
I tried downloading the Norton Power Eraser but could not access the web page (https://security.symantec.com/nbrt/npe.aspx).
Running Windows 8.1 with Kaspersky Internet Security 16.0.0.614(h), with the "scan encrypted connections" option on. KIS pops up a message about a misname on a security certificate. I click "Disconnect" on the popup -- because if there is any problem with a security certificate, I do not want to visit the web site (or any of its third-party suppliers).
In Chrome, I get the message "liveupdate.symantec.com unexpectedly closed the connection."
In IE, I get a message including: "If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator."
When I go to Qualys' SSL test web page, I get "Certificate name mismatch."
Looks like Symantec is requiring that we accept a misconfigured security certificate.
Too bad. I'd like to try this tool.
-- Bob
Posted by:
Mac 'n' Cheese
06 Dec 2016
For what it's worth, I had no problem downloading the Norton Power Eraser application, using Firefox 50.0.2 running under Win 7 Professional 64-bit.
The tool installed uneventfully, and it took about two minutes to do a scan.
Mac 'n' Cheese
Posted by:
Robert A.
06 Dec 2016
For those readers who have Comcast/Xfinity internet service, the Norton Security Suite, AKA Norton 360, as a retail version, is available as a FREE download to all Comcast internet subscribers, and it contains Norton Power Eraser as part of the package.
Posted by:
Mac 'n' Cheese
06 Dec 2016
JIM: You asked the question, "Would the free versions of Malwarebytes and Spybot remove a botnet infection?"
I think the answer is "maybe." But Bob suggested, "Try the Norton Power Eraser, which specializes in rooting out difficult-to-detect crimeware that other antivirus tools may not detect." The key words here are "DIFFICULT-TO-DETECT CRIMEWARE THAT OTHER ANTIVIRUS TOOLS MAY NOT DETECT."
FYI, Norton Power Eraser is free, too.
Posted by:
Craig
06 Dec 2016
I downloaded Norton Power Eraser and it wiped out a large software program which I will need to reinstall (yes, I had it backed up). For that reason I want to uninstall the Norton program, but it does not appear on my program list (when I click on Uninstall Programs in Control Panel).
How do I make sure Norton Power is removed (or should I say erased?)
Posted by:
Butch
07 Dec 2016
Back when I was still a 'working' guy, I used, respected, and trusted "Norton" software. However, these days, it seems that Symantec/Norton has some questionable products. I prefer to be "safe" and "not sorry" so I will not be clicking on anything "Norton." Caution comes with age--now 78. Thanks for the article though.
Posted by:
DBA Steve
07 Dec 2016
Firefox (50.0.2) running on Windows 7 says
"The owner of liveupdate.symantec.com has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website."
Interesting. Other posters earlier have *and* have not had problems downloading this product.
Posted by:
thenudehamster
08 Dec 2016
Firefox is getting unbelievably snotty about sites' "security certificates" and configurations, so much so that I'm really considering changing my default browser. Vivaldi (from some former Opera programmers) is quick, simple to use and well featured - and free. And it happily connects to Symantec for the NPE - though I apparently don't need it as I run Linux anyway...