What is a Bot Net?
"How can this be? My anti-virus software is always up to date?", you say.
Bot net software is usually installed on computers by users who are tricked into loading it. The software might pass itself off as a legitimate product claiming to be an anti-virus scanner, when in reality it is malicious Scareware that, once installed, provides a gateway into your system for malware software developers to install things like rootkits and bot net-enabling software.
The bot net software effectively sets your computer up to receive instructions from a master control terminal that is controlled by the bot net owner who is usually a hacker or other cyber criminal that purchased the use of your computer from the person who infected it.
Yes that's right, you heard me correctly. Not only is your computer infected, but people are making money by selling the rights to use your computer (without your knowledge) to carry out attacks on other computers. Mind boggling isn't it? It's like someone renting out your car for someone else's use while it's parked at a shopping center, and then putting it back before you discover it was gone.
A typical bot net may consist of tens of thousands of computers that are all controlled by a single command and control terminal. Hackers love using bot nets because it allows them to combine the computing power and network resources of all the computers in the bot net to attack a single target. These attacks are called distributed denial of service attacks (DDoS).
Thees attacks work well because the target of the attack may not be able to handle the network and resource load of 20,000 computers all trying to access it at one time. Once the system is bogged down by all the DDoS traffic from the bot net, legitimate users might not be able to reach the server which is extremely bad for business, especially if you're a large electronic retailer where constant availability is your lifeblood.
Some of the bad guys will even blackmail the targets, telling them that if they pay them a fee, then they will stop the attack. Incredibly enough, some businesses will pay the blackmail fee just to get back in business until they can figure out how to better deal with the attacks.
How do these bot nets become so large?
Malware developers who create the bot net software pay money via malware affiliate marketing programs to people willing to install their malware on victims' computers. They may pay $250 or more per 1000 "installs". Enterprising bad guys will use every means necessary to trick unsuspecting users into installing this crapware. They will link it in spam e-mails, post malicious links to forums, setup malicious websites, and anything else they can think of to get you to click the installer so they can get credit for another install.
The malware developer will then sell control of the bot nets they have created. They will sell them in large blocks of 10,000 or more slave computers. The larger the block of slave bots, the higher the price they will ask.
I used to think malware was created by kids trying to prank people, but it is really all about bad guys making money off of trafficking the use of your computer's CPU cycles and your network bandwidth.
How can we stop these Sons of (insert favorite bad thing here)'s from enslaving our computers?
1. Get a malware-specific scanner
Your virus scanner might be awesome at finding viruses, but not so good at finding Scareware, rogue malware, rootkits, and other types of malicious software. You should consider getting something like Malwarebytes which is known for finding malware that often evades traditional virus scanners.
2. Get a "second opinion" scanner
If one doctor says everything is good, but you still feel sick, you might want to get a second opinion from another doctor, right? Do the same for your malware protection. Install a second malware scanner on your computer to see if it might catch something that the other scanner missed. You would be surprised how many times one tool misses something that another one catches.
3. Be on the lookout for fake anti-virus software
In your search for malware protection you could end up installing something malicious if you don't do your research on the product first. Google the product to see if there are any reports that it is fake or malicious before you install anything. Never install anything that is sent to you in an e-mail or found in a pop-up box. These are often delivery methods for malware developers and malware affiliates.
If you want to be extra sure that the malware infection is gone then you should consider a performing full backup, wipe and reload of your computer to ensure that the malware is gone.
Source - Andy O’Donnell, About.com
Note: CFA does not represent or warrant that the information accessible via this blog or links from this blog are accurate, complete or current. This blog is for information purposes only. CFA will not be liable for any damages of any kind arising from the use of this blog or website including but not limited to direct, indirect, incidental punitive and consequential damages.