How Do I Protect Against Botnet Infections?
How do you AVOID being part of a botnet? Is my anti-virus software enough? What software is there that will prevent unknowingly being part of a “Botnet?” – Brian
Whenever the issue of “botnets” comes up, it creates lots of fear and uncertainty, as well it should. This form of malicious infection is responsible for just about all spam messages that we receive today, and it is also one of the most common methods of spreading infectious malware.
To review, a botnet is a network of Internet-connected machines that have been infected with a small program that allows a remote hacker to make use of the “zombie” computer at will. Any system that is connected to the Internet could easily and unknowingly become one of these silent zombie computers.
Large botnets can be made up of 10,000 machines or more, which gives the person in control the ability to wreak some serious havoc.
Spammers will routinely “rent” a botnet to send out millions of spam messages by getting infected machines to send out a small amount of spam each (10,000 infected computers x 100 messages each = 1 million spam messages).
By using a botnet instead of a single machine to send out the million messages, not only can the messages get out quicker, but it is nearly impossible to detect any one computer as a spammer (because of the low volume), and even if one is discovered, it is only responsible for a small amount of spam.
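The low per-machine volume described above, seen from a mail gateway's side, as an added example that is not part of the original column: a per-sender rate limit flags nothing, while grouping messages by content across senders exposes the campaign. The log records, IP addresses, fingerprints and thresholds are constructed assumptions, and real spam varies its wording, so a real filter would need a fuzzy content fingerprint rather than an exact one.

```python
from collections import defaultdict

def build_sample_log(bots=50, per_bot=100):
    """Constructed sample: (sending host IP, fingerprint of message body)."""
    log = []
    # Infected machines: each sends only a small share of one spam campaign.
    for i in range(bots):
        log += [(f"198.51.100.{i}", "fp-campaign")] * per_bot
    # One legitimate bulk sender mailing the same newsletter many times.
    log += [("203.0.113.9", "fp-newsletter")] * 300
    # Ordinary one-off mail from unrelated hosts.
    log += [(f"192.0.2.{i}", f"fp-unique-{i}") for i in range(20)]
    return log

def per_host_alerts(log, threshold=1000):
    """Classic rate limit: flag any single host sending more than `threshold`."""
    counts = defaultdict(int)
    for host, _fingerprint in log:
        counts[host] += 1
    return {host for host, n in counts.items() if n > threshold}

def campaign_alerts(log, min_hosts=10, min_total=1000):
    """Flag content that arrives in bulk from many distinct hosts.

    Returns {fingerprint: (distinct_hosts, total_messages)}.
    """
    hosts = defaultdict(set)
    totals = defaultdict(int)
    for host, fingerprint in log:
        hosts[fingerprint].add(host)
        totals[fingerprint] += 1
    return {
        fp: (len(hosts[fp]), totals[fp])
        for fp in hosts
        if len(hosts[fp]) >= min_hosts and totals[fp] >= min_total
    }

if __name__ == "__main__":
    log = build_sample_log()
    print("per-host alerts:", per_host_alerts(log))
    print("campaign alerts:", campaign_alerts(log))
```

The newsletter sender is not flagged by either check: it is a single host, which is the distinction the cross-host grouping relies on.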
Avoiding these infectious programs is unfortunately not something a piece of software can do for you; no software will guard against the biggest factor in becoming a zombie on a botnet… YOU!
Careless user behavior can easily allow these rogue programs to sneak past whatever security programs you have installed. If you are an avid user of file sharing networks (Kazaa, aMule, BearShare, etc.), BitTorrent networks, or fall victim to the various hoaxes that claim your computer needs a new program to view a video, you can become infected no matter how much security software you have in place.
Anti-virus programs are pretty good at detecting the viruses that can introduce a botnet agent to your machine, but if one sneaks past your AV program (which can be easily accomplished by tricking you into installing a spoof program), then detecting the presence of an agent becomes much more difficult.
The malicious users that write the botnet programs have the upper hand because they know how today’s anti-virus, anti-spyware, and other security programs function and can continually test their new creations until they figure out how to evade your security programs.
The key is in the clicks! If they can get you to click on a link in an e-mail, a link on a rogue Web site, a link from a communication on your Facebook or MySpace page, or a link from an instant message, or to download a file from a file sharing network that is pretending to be something that it’s not, you don’t stand much of a chance.
The standard advice applies to reducing your chances of an infection from a botnet agent: keep your Windows operating system up to date (the Apple OS is currently not a target of botnet infections because there aren’t enough of them — yet), keep your anti-virus and anti-spyware programs up to date, and make sure your software firewall is set up to stop any program from accessing the Internet from inside your computer without first asking for your permission.
These types of complex attacks unfortunately require complex defenses to fend them off, and the bigger problem is that the actual methods of infiltrating your computer continue to evolve.
This underscores the importance of having trusted resources for keeping up to speed on the latest attacks. Those of us who are trying to help protect the general public are behind the curve because any new attacks are only discovered once they have been launched on the Internet.
The time between the discovery of a new threat and the likelihood of coming in contact with that new threat continues to decrease (often the same or next day). That is why a good line of defense is keeping your protection programs up to date on an almost daily basis (all of them can be set up to check for updates every day) and finding resources that will keep you updated on the latest schemes designed to infect you.
Ken Colburn
President of Data Doctors Computer Services, Host of the award-winning Computer Corner radio show, and Author of Computer Q&A in the East Valley Tribune newspapers.

4 Comments
Aryeh Goretsky
February 13th, 2009
at 10:14pm
Hello,
I did a search of several anti-virus vendors’ malware encyclopedias and found several hundred references to bots, so it does seem like they are examining them and adding detection for them to their programs.
Regards,
Aryeh Goretsky
David
February 14th, 2009
at 2:35am
Came across this freebie by Trend recently: RUBotted at http://www.trendsecure.com/portal/en-US/tools/security_tools/rubotted
Seems a simple program and doesn’t seem to drain resources. Might be useful as yet another weapon in the arsenal against nasties.
Georgia Stath
February 15th, 2009
at 2:59am
Hello. I enjoyed your great article. Very informative and well researched.
When you think back to the history of computers you become amazed with how far we have come in technology. I can still remember the day I bought my first computer (Like getting your first kiss, you really can’t forget it :))
My computer now is part of me. I couldn’t imagine life without it. Actually, I did go on vacation for 2 weeks (a camping trip) and wow I know it’s so nerdy but I would sit on the beach, look up at the stars at night and think of surfing the internet LOL. Pretty pathetic I know.
I’ve given your article the thumbs up on Stumble. More people should know of it.
Fredd Splatt
February 15th, 2009
at 1:35pm
Use Linux or Mac.
They are practically immune to viruses and bots because they were designed with security first.
Because Microsoft has integrated Explorer deeply into its system, it is easy to infect Windows computers.
I have been running Linux for nine years, don’t need an anti-virus program and have never been infected.
Try Ubuntu.
cheers
fredd