Botnets 101: Everything you need to know

Mar 8, 2012 10:51am

By Emily Eckland, NCSA Managing Editor of Digital Media

Last week, we attended the RSA Conference in San Francisco, a weeklong event focusing on cybersecurity.

We attended sessions on fighting cybercrime, the Conficker worm , information sharing between government agencies and other security topics, but there was one buzz word that kept popping up throughout the week: Botnets.

Many of you may be wondering, “What are botnets?”

In fact, several people have asked us about them on our Facebook page.

We asked Maxim Weinstein, the executive director of StopBadware, a non-profit organization that makes the Web safer through the prevention, mitigation, and remediation of badware websites, to explain what botnets are and what you can do to prevent them. 

What are botnets?

Botnets are networks of personal computers infected by malware and remote controlled by criminals. Botnets are used to send junk email (spam), attack websites, and distribute more malware, among other things.

How can botnets harm your computer?

The malware employed by botnets can infect your computer, turning it into a "bot" or "zombie." In other words, your computer can become part of the botnet, helping criminals do their dirty work. If you have a limited data plan, the malware's traffic may slow your Internet connection or cause you to run up against your data cap.

Some of the malware will also install additional malware on your computer or attempt to steal your passwords and account numbers.

How do you know if your computer is infected with a botnet?

Because criminals want their botnets to have as many infected computers as possible, they try to hide their malware so you won't notice it and try to remove it. Therefore, prevention (see below) is always a better option than trying to find an infection after the fact. Of course, it's still helpful to check your computer periodically, just in case something slipped through.

If you use Windows, Microsoft's Malicious Software Removal Tool can find and remove some of the most common forms of botnet-related malware. (If you use Windows Automatic Update—and you should—this tool will run once per month automatically.)

Scanning periodically with a current anti-virus (AV) product is also helpful. Always download or purchase AV software from a reputable retailer or directly from the website of an AV vendor you have heard of.

Some Internet service providers now provide notices to help their customers learn when botnet traffic has been detected from their devices. If you receive such a notice from your ISP, immediately use the tools described above and/or seek professional computer assistance to check your device(s) for malware.

How can you prevent botnets?

While 100% prevention is not possible, there are a few things you can do to dramatically reduce your computer's risk of infection:

1. You are the first line of defense. STOP. THINK. CONNECT. In particular, stop before clicking a link or popup, opening an attachment, or downloading a file. Think about any warning or error messages carefully. And connect only when you are confident that what you're clicking is legitimate. As Stay Safe Online says, "If in doubt, throw it out!"

2. Use automatic updates to keep your software protected from known risks. This is especially important for your operating system (e.g., Windows or OS X), your web browser, and popular tools like Adobe Flash Player, Adobe Reader, and Java.

3. Use a current anti-virus program or security suite that includes real-time AV protection. Keep it updated. If it warns you of something, follow its advice! 

The future of botnets

Botnets are also garnering attention in the highest levels of government.

White House Cybersecurity Coordinator Howard Schmidt and FBI Director Robert Mueller each spoke about botnets during the RSA Conference.

Schmidt said the global rise of botnets has become an increasingly exploited threat.

“A botnet infection can lead to the monitoring of a consumer’s personal information and communication, and exploitation of that consumer’s computing power and Internet access,” Schmidt said.

“The botnet lifecycle must be disrupted and the malware on the devices removed or made impotent.”

You’ll likely be hearing more about the issue in the coming weeks and months.

In the meantime, you can do your part by keeping a clean machine and deleting suspicious emails and links.