Data Doctors: Avoid being part of botnet - East Valley Tribune: Business

Data Doctors: Avoid being part of botnet

Print
Font Size:
Default font size
Larger font size

Posted: Friday, February 13, 2009 4:08 pm | Updated: 2:37 am, Sat Oct 8, 2011.

Q. How do you avoid being part of a botnet? Is my anti-virus software enough? What software is there that will prevent unknowingly being part of a botnet? - Brian

A. Whenever the issue of botnets comes up, it creates lots of fear and uncertainty - as well it should. This form of malicious infection is responsible for just about all spam messages that we receive today and is one of the most common methods of spreading infectious malware.

To review, a botnet is a network of Internet-connected machines that have been infected with a small program that allows a remote hacker to make use of the "zombie" computers at will. Any system that is connected to the Internet could easily and unknowingly become one of these silent zombie computers.

Large botnets can be made of up 10,000 machines or more, which gives the person in control the ability to wreak some serious havoc.

Spammers will routinely "rent" a botnet to send out millions of spam messages by getting the infected machines to send out a small amount of spam each (10,000 infected computers multiplied by 100 messages each equals 1 million spam messages).

By using botnets instead of a single machine to send out the million messages, not only can the messages get out quicker, it is nearly impossible to detect any one computer as a spammer (because of the low volume). Even if one is discovered, they are only responsible for a small amount of spam.

Avoiding the infectious programs is unfortunately not a function of a piece of software; no software will guard against the biggest threat to becoming a zombie on a botnet ... You! Careless user behavior can easily allow these rogue programs to sneak past whatever security programs you have installed.

If you are an avid user of file sharing networks (Kazaa, aMule, BearShare, etc.) or BitTorrent networks or if you fall victim to the various hoaxes that claim your computer needs a new program to view a video, you can become infected no matter how much security software you have in place.

Anti-virus programs are pretty good at detecting the viruses that can introduce a botnet agent to your machine, but if they can sneak past your anti-virus program, which can be easily accomplished by tricking you into installing a spoof program, then detecting the presence of an agent becomes much more difficult.

The malicious users who write the botnet programs have the upper hand because they know how today's anti-virus, anti-spyware and other security programs function, and they can continually test their new creations until they figure out how to evade your security programs.

The key is in the clicks! If they can get you to click on a link in an e-mail, a link on a rogue Web site, a link from a communication on your Facebook or MySpace page, a link from an instant message, or if they can get you to download a file from a file sharing network that is pretending to be something it's not, you don't stand much of a chance.

The standard advice is to reduce your chances of an infection from a botnet agent by keeping your Windows operating system up-to-date (the Apple OS is currently not a target of botnet infections because there aren't enough of them, yet). Also keep your anti-virus and anti-spyware programs up to date and make sure your software firewall is set up to stop any program from accessing the Internet from inside your computer without first asking for your permission.

These types of complex attacks unfortunately require complex defenses to fend them off. The bigger problem is that the actual methods of infiltrating your computer continue to evolve.

This underscores the importance of having trusted resources for keeping up to speed on the latest attacks. Those of us who are trying to help protect the public are behind the curve because any new attacks are only discovered once they have been launched on the Internet.

The time between the discovery of a new threat and the likelihood of your computer coming in contact with that threat continues to decrease. Often it's the same or next day. That's why keeping your protection programs up-to-date on an almost daily basis (all of them can be set up to check for updates every day) and finding resources that will keep you updated on the latest schemes is a good line of defense.

If you like what you read in our weekly columns, we provide weekly updates and warnings via our free newsletter located at datadoctors.com/subscribe.

Ken Colburn is president of Data Doctors Computer Services and host of the "Computer Corner" radio show, which can be heard at www.datadoctors.com/radio. Readers may send questions to evtrib@datadoctors.com

  • Discuss

'EV Women in Business'

A PDF of the Tribune special section, featuring a mix of sponsored content from our loyal advertisers and newsroom coverage of the East Valley business community.

Your Az Jobs