Lavasoft News Lavasoft News

Understanding Hidden Threats: Botnets

You've most likely heard of botnets. Still, even with all of the references to them in the news these days, it's not easy to gain a clear understanding of what they are, and how they might be affecting you. We've taken a few of the most common questions sent in by Lavasoft News readers, and answered them in plain and simple terms. Keep reading to set the facts on botnets straight.

What is a botnet?

A botnet is a network of compromised, or infected, computers that hackers have commandeered. PCs that are part of a botnet are often referred to simply as "bots".

Botnets are part of the multilayered and profitable crimeware industry, where the initial step is to infect and take control of a targeted computer. PCs in a botnet are under the remote command and control of hackers. As part of that, hackers can take advantage of all of the resources on a machine (from personal information to bandwidth), and use it to perform malicious tasks under remote direction - all to carry out their criminal intentions.

What is a zombie computer?

A zombie computer is a system that has been infected and taken over remotely by cyber criminals. A collection of zombie computers makes up a botnet.

What are botnets used for?

Botnets are controlled remotely by hackers to distribute spam, viruses, and theft schemes - and to hijack additional computers. The main motivation behind botnets, in recent years, is for monetary gain by cyber criminals. Once compromised, cyber criminals have complete access to the infected machine; they are able to load software onto it, or pull information off of it.

Bot herders, the hackers who control botnets, can instruct thousands of computers to follow their orders, whether it's to propagate spam messages, launch fraud schemes or to issue denial of service attacks, targeting certain, often high-profile, websites in order to make them unavailable to users. Once bot herders compile a group of compromised machines, they can sell it to fraudsters who are then capable of using the exploited machines for identity and data theft.

How do I know if my computer is part of a botnet?

Most owners of compromised PC are unwitting victims, never realizing that they have allowed unauthorized access to their computers. Machines are infected without the knowledge of the computer user; usually access to the system is gained through a virus, worm, or Trojan. The symptoms of infection are generally very subtle and are not immediately apparent to the average computer user without using special tools. Still, there are telltale signs and symptoms which may indicate a problem.

  • A slow computer
    The most apparent sign, according to the analysts as Lavasoft Malware Labs, is "slow computer" syndrome: your Internet connection becomes strangely sluggish, or your PC gets slower as you run a few programs on it simultaneously. (However, users should note that this can also be caused by other types of malware, as well as other PC problems.)
  • Accused of sending spam
    Being accused of sending spam is a sign that your system is infected and is part of a spam bot.
  • Detecting malware responsible for bots
    By running an anti-spyware and anti-virus program, the security software will be able to root out an infection and classify it as a bot.
  • An unknown or suspicious process is running in the background on your PC
    If you use a firewall to monitor network traffic, the program will allow you to spot suspicious traffic on your PC.

For more technically-oriented computer users, bot activity can be discovered through packet sniffer tools and knowledge about different protocols, ports, Windows Registry, processes and TCP/IP. This includes:

  • Large amounts of network traffic
    Bots often connect to remove servers; they may use a questionable amount of bandwidth and cause network traffic even if you are not online.
  • IRC Traffic
    Internet Relay Chat (IRC) is a type of real-time Internet messaging, designed mainly for group discussion forums. IRC bots connect to IRC as a client, performing automated functions but appearing to be another IRC user.
  • SMTP Traffic
    Simple Mail Transfer Protocol (SMTP) is an Internet standard for e-mail across IP networks. Bots may use a built-in SMTP-engine to send spam to other users.
  • Open Ports
    Open ports allows applications to multitask and use different protocols at the same time. All computer devices on a network need a channel to allow them to communicate with each other. Bots may search for open ports to be able to start a synchronization or communication.

To learn more about the specific steps you should be taking to prevent your system from becoming part of a botnet, read our next article, How To Guide: Preventing Bot Infections.

Share Home
Get Registry Tuner
Did You Know?
A botnet can consist of tens, or even hundreds of thousands of zombie computers. A single PC in a botnet can send thousands of spam messages per day, often even without the user's knowledge.
What People Are Saying
"Ad-Aware Pro is one of the best all-around malware removal tools we used, combining strong protection with usability."
Facebook LinkedIn Twitter YouTube
Pass on the news, tips and offers in this issue - e-mail Lavasoft News to a friend.
Lavasoft Newsletter

Lavasoft Limited, 40/D, St. Julian's Court, Sur Fons Street, St. Julian's, Malta |

Add to your address book to ensure we reach your inbox.

You have received this message because you have registered to get information about Lavasoft and its products. If you would like to update your details or would like to unsubscribe, please click here.

For information on Lavasoft‘s Privacy Policy, please click here.

PLEASE DO NOT REPLY TO THIS MESSAGE. If you require Technical Support, please check the Lavasoft Support Center for information.

Copyright © 2011 Lavasoft Limited. All rights reserved.