Is Your Computer Part Of A Botnet?
Botnets are networks of captive computers (often called zombies) that are created by trojans or worms that have infected unprotected PCs. Such networks are frequently used to send spam and initiate distributed denial of service (DDoS) attacks.
PCs without virus protection are the most likely to become zombies, but even a protected PC can be infected if its antivirus software’s virus definitions are out of date or don’t properly detect certain compressed files.
Some crackers have successfully fooled antivirus programs by packing their malware with a combination of UPX (the Ultimate Packer for eXecutables) and Morphine, which is an encryption program.
The Internet Storm Center (ISC), in its Handler’s Diary for October 9th, reports “…successful social engineering attacks and GDI+ JPEG attacks that cause a UPXed and Morphined trojan horse (Gaobot, SDbot, RxBot) to be installed, and the resultant botnet used for typical nefarious purposes.
“Most current AntiVirus packages don’t properly unpack these binaries, and don’t detect them terribly well. There are also reports that some of them are interfering with automated AV update procedures.”
What can you do if you suspect your machine has become a zombie? The first and most important thing to do is to make sure that you have the latest antivirus definitions for your particular software. The leading antivirus software providers are working on countering the latest cracker techniques; besides, ANY protection is better than NO protection.
If you are inclined to be even more proactive and you have the technical savvy, here are further recommendations from handler Deb Hale at the ISC:
“…Has your hosts file been rewritten? C:\winnt\system32\drivers\etc
“…Do you have a lot of unidentified connects to the system? - Start - Run - cmd, at the command prompt type netstat -an. Take a look at the devices that are listed. Do you recognize all of the IPs?
“…If you go into windows task manager do you see any processes running that you don’t recognize?
“…If you are comfortable with regedit, go to HKEY_LOCAL_MACHINE - software - microsoft - windows - current version. You should see run and run once and run services, (you may or may not see run services). Do you see any entries that you don’t recognize or look suspicious?”
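The hosts-file and netstat checks quoted above can also be run over saved copies of the two outputs. The following is an added example, not part of the original post or the ISC diary; the sample hosts file, the sample `netstat -an` capture and the function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample hosts file (not from a real machine).
SAMPLE_HOSTS = """\
127.0.0.1      localhost
127.0.0.1      update.av-vendor.example
203.0.113.45   www.bank.example   # trailing comment
"""

# Constructed sample of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1044      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.10:1045      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.10:1050      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

def audit_hosts(text):
    """Return (address, name, reason) for every mapping other than localhost."""
    findings = []
    for line in text.splitlines():
        # Drop comments; blank or comment-only lines yield no names.
        addr, *names = line.split("#", 1)[0].split() or [""]
        try:
            ip = ipaddress.ip_address(addr)
            # Loopback or 0.0.0.0 makes the name unreachable; anything else redirects it.
            reason = "blocked" if ip.is_loopback or ip.is_unspecified else "redirected"
        except ValueError:
            reason = "unparseable address"
        findings += [(addr, n, reason) for n in names if n.lower() != "localhost"]
    return findings

def unrecognized_peers(netstat_text, known=()):
    """Count ESTABLISHED TCP connections per (foreign address, port) not in `known`."""
    peers = Counter()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 4 and f[0] == "TCP" and f[3] == "ESTABLISHED":
            host, _, port = f[2].rpartition(":")  # rpartition keeps IPv6 hosts intact
            if host not in known:
                peers[(host, int(port))] += 1
    return peers

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
    print(unrecognized_peers(SAMPLE_NETSTAT, known={"192.168.1.1"}))
```

A "blocked" entry for an antivirus update host matches the interference with AV updates that the diary mentions; every finding still needs a human decision, since some hosts entries are added deliberately.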
