Wednesday, July 6, 2011

Botnets, or What you don't know CAN hurt you

If you're online regularly enough to be reading this blog, you probably already know that there's some nasty stuff lurking on the Internet: viruses, worms, Trojans, and other malware.  Even if you don't know precisely what all these things are and how they work, you probably figure that you've got your bases covered with a good anti-virus program.  You know not to open unusual email attachments or get caught by too-good-to-be-true advertising (Click here to win a FREE iPAD!!!!).  But there's one security threat that you may not know about... and what you don't know can hurt you.  It's one of the hardest to prevent, hardest to detect, most widespread, and downright nasty pieces of work out there: a botnet.

Never heard of it?  A lot of people haven't.  And sadly, a lot of those people are probably infected.  So what is a botnet?

As defined by Google dictionary, a botnet is "a network of private computers infected with malicious software and controlled as a group without the owners' knowledge."  (The term botnet itself is shorthand for "robot network.")  If your computer is infected with botnet software, part of its memory and processing power is taken over (enslaved!) by a "bot master" who controls thousands or even millions of slave computers, known collectively as a botnet or zombie army.  The botnet is used to carry out cyber crime such as sending vast amounts of spam email, attacking and bringing down legitimate websites, and capturing bank and credit card details.

Here's the worst of it: because the bot master has an interest in keeping your machine running and keeping its enslavement a secret, there is often little outward sign to you when your computer becomes infected.  The signals are there, but they aren't the major crashes and data losses that signal a virus infection.  You'll see your computer running slowly, you may be warned about suspicious activity, or occasionally your browser will lock up when you're online.  But generally you'll keep on working, oblivious, while the botnet does its dirty work in the background.

And the worst news of all?  Anti-virus software alone usually can't protect you from botnet infection.  So how can you protect yourself?

1)  Your computer needs a comprehensive security solution that includes anti-virus and anti-malware programs, and most importantly, a personal firewall.  (Not sure if you have a firewall?  Need to get one?  CNET has several good options.)

2)  Make sure Windows is up-to-date.

3)  Make sure your browser is up-to-date.

4)  Many botnets (including the largest ever detected, spanning millions of computers across 172 countries) are spread via portable devices like USB flash drives, so be careful where you put that thing!  Plugging your flash drive (or digital camera, smart phone, etc.) into a computer whose defenses you are unsure of is the cyber equivalent of unprotected sex or sharing dirty needles.  Sure, that computer might be clean, but there's no way to tell by just looking.  If you must use your flash drive on public computers or the computers of less-than-savvy web users, set your security software to scan your flash drive whenever you insert it in your home machine.

For another, somewhat humorous but enlightening take on botnets, watch this video from Symantec.  (Yes, they are selling you their product, but, hey, it's a good product and their videos are top-notch.)
