Is Your PC Part of a Botnet?

Botnets are big business, a multi-billion dollar business in fact. They are
usually used to send spam, log keystrokes, steal pay-per-click advertising
revenue, and take part in DDoS attacks (attacks that flood a server with so much
traffic that the network is brought to its knees and the server often goes down).
The most significant attribute of botnets, however, is keylogging: a small
program running unnoticed in the background records every one of your
keystrokes and sends the data back to command-and-control (C&C) servers, which
in turn are run by people with malicious intent.
Clients often ask me why people do this. Why would someone write this type of
software? Who has the time? The primary motivator is monetary gain!
Think about that! How much banking do you do online? What about using your
credit card online, or accessing your email and other online services (Google
AdWords, PayPal, etc.)? Each unique set of credentials an attacker steals sells
for about $25 (the going online rate at the time of writing). Take the Torpig
botnet: researchers at UC Santa Barbara took over its command-and-control for
10 days, and during those 10 days the botnet collected nearly 300,000 sets of
credentials (usernames, passwords, etc.) from over 52,000 infected machines. At
$25 each, that is potentially over 7 million dollars in 10 days for whoever is
selling them. I won't go into where you would go to sell this information, but
it's big business. In addition, while your machine is still infected, its use is
rented out to others who want your PC to generate and send spam (another revenue
generator); it's a vicious cycle.
The sad truth is that Windows PCs are the most vulnerable to these attacks, for
two reasons: 1) economies of scale (Windows has over 90% of the desktop market,
making it a rich target) and 2) inadequate default security settings on those
PCs. No computer or device connected to the Internet is 100% safe (Macs
included); if someone wants access and puts in the effort, they'll get in.
Market share aside, Windows PCs are the easiest to infect because by default
your account is an administrator with full access to the machine, so anything
you run, malware included, runs with those same rights. Linux and Macs don't
run as the root user by default (by design). Microsoft has taken steps to remedy
this in Windows Vista/7 with a feature called User Account Control (UAC): when a
program asks for administrative rights to change the system, Windows prompts you
for permission instead of granting them silently. But the question still
remains: how do I know whether it's safe to allow this program? It all boils
down to end-user education. You can have the latest anti-virus/anti-malware
programs and all the latest updates, but if you visit an infected website or
open an email attachment carrying a virus (the two primary ways botnets spread),
chances are good you'll be owned!
How to Keep Safe Online
Protecting yourself requires a multi-pronged approach; there is no silver bullet!
The first thing you should do is install anti-virus software and enable your
firewall. Symantec and McAfee are both excellent anti-virus solutions and
industry leaders in this field. Microsoft has released a free solution called
Microsoft Security Essentials, which protects your Windows PC from both viruses
and malware. The idea of Microsoft policing its own OS may make some folks
nervous, but in my experience Security Essentials does a decent job, and it's
free. And while enabling your firewall is better than having none at all,
remember it's no guarantee: a firewall only filters network traffic, it cannot
stop you from running a malicious attachment yourself. If someone wants to get
in, they'll find a way.
Download Malwarebytes' Anti-Malware. It's the best solution I have encountered
for cleaning up infected PCs: free for home use and excellent at detecting
malware and Trojans. A paid Pro version adds real-time protection, so you don't
have to run a scan manually every time you want to check for infections.
Stubborn infections sometimes have to be removed from Safe Mode, where only a
minimal set of drivers and services load, so most malware is not running: restart
Windows and keep pressing the F8 key until a text-mode boot menu appears, select
any of the Safe Mode options, let Windows finish booting, and then run
Malwarebytes.
Keep your Windows OS updated. It's free, and there is no reason not to install
the patches Microsoft provides for its operating systems. On Vista/7 check your
Windows Update settings in the Control Panel; on Windows XP and earlier, run
Windows Update.
Use a safe browser. Stay away from Internet Explorer 6. In fact, if you're still
using IE 6, go buy a new computer, or give me a call so I can clean up your
machine, because chances are your PC is already part of a botnet. Internet
Explorer 8 is a much safer browser than its predecessors, and Firefox, Chrome,
and Opera are all worthy too. My only concern with third-party browsers is their
plug-in architecture; the plug-ins themselves can have security flaws, so
install only the ones you need and keep them updated.
Implement OpenDNS on your home and/or business network. OpenDNS keeps you from
unintentionally reaching websites known to spread malware, Trojans, etc., and it
lets you filter which sites users on your network can access (e.g. block
adult-themed sites). It works at the name-resolution step, so it only protects
devices that are configured to use its resolvers. The best part is that the
service is free! (Perhaps I'll do a video training on this topic if I garner
enough interest.)
Lastly, don't run your PC as an administrator unless you absolutely know what
you're doing. In a corporate environment the prudent thing to do is to have two
separate logins: one for administrative tasks and a second, standard-user
account for everyday use.
These six steps will greatly minimize the attack surface of your computing
environment. Stay safe!
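As an added example (this is not code from the original post), here is a read-only PowerShell audit of the settings the steps above tell you to check: whether you are logged in as an administrator and who else is in the local Administrators group, whether UAC is on and actually prompting, which anti-virus product is registered and whether the firewall is enabled on each profile, how Windows Update is configured, and which DNS resolvers each adapter really uses. It assumes Windows 8 or later with Windows PowerShell 5.1 (the Get-NetFirewallProfile, Get-DnsClientServerAddress and Get-LocalGroupMember cmdlets do not exist on Windows 7), and the OpenDNS resolver addresses in it are OpenDNS's published ones, which you should verify against their current documentation. Steps 2 (Malwarebytes) and 4 (browser choice) are not machine-checkable and are left out.

```powershell
# Added example, not part of the original post: a read-only audit of the settings
# the six steps above tell you to check. Assumed environment: Windows 8 or later
# with Windows PowerShell 5.1 (Get-NetFirewallProfile, Get-DnsClientServerAddress
# and Get-LocalGroupMember are not available on Windows 7). Nothing here changes
# the system; the remediation commands at the bottom are commented out.

# Assumption: OpenDNS's published resolver addresses; verify against OpenDNS's docs.
$OpenDnsServers = @('208.67.222.222', '208.67.220.220')

# Step 6: is the current session running with administrator rights?
function Test-AdminSession {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

# Everyone in the local Administrators group; keep this list as short as possible.
function Get-LocalAdmins {
    Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
}

# UAC: EnableLUA=1 turns the consent prompt on; ConsentPromptBehaviorAdmin=0 means
# administrators are elevated silently, which defeats the purpose of the prompt.
function Get-UacState {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $p = Get-ItemProperty -Path $key
    [pscustomobject]@{
        Enabled         = ($p.EnableLUA -eq 1)
        PromptsForAdmin = ($p.ConsentPromptBehaviorAdmin -ne 0)
    }
}

# Step 1: anti-virus products registered with Security Center, and the firewall
# state of each network profile (Domain, Private, Public).
function Get-ProtectionState {
    $av = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName AntiVirusProduct |
          Select-Object -ExpandProperty displayName
    $fw = Get-NetFirewallProfile | ForEach-Object { "$($_.Name)=$($_.Enabled)" }
    [pscustomobject]@{
        AntiVirus = ($av -join ', ')
        Firewall  = ($fw -join ', ')
    }
}

# Step 3: Windows Update configuration through the Windows Update Agent COM API.
# NotificationLevel 4 = download and install automatically, 1 = disabled.
function Get-WindowsUpdateState {
    $au = New-Object -ComObject Microsoft.Update.AutoUpdate
    [pscustomobject]@{
        AutomaticInstall = ($au.Settings.NotificationLevel -eq 4)
        LastInstall      = $au.Results.LastInstallationSuccessDate
    }
}

# Step 5: the resolvers each adapter actually uses, and whether all of them are
# OpenDNS. A filtering resolver only protects machines configured to use it.
function Get-DnsState {
    Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses } |
        ForEach-Object {
            $servers    = @($_.ServerAddresses)
            $notOpenDns = @($servers | Where-Object { $OpenDnsServers -notcontains $_ })
            [pscustomobject]@{
                Adapter = $_.InterfaceAlias
                Servers = ($servers -join ', ')
                OpenDNS = ($notOpenDns.Count -eq 0)
            }
        }
}

"Running as administrator: $(Test-AdminSession)"
"Local administrators    : $((Get-LocalAdmins) -join ', ')"
Get-UacState
Get-ProtectionState
Get-WindowsUpdateState
Get-DnsState | Format-Table -AutoSize

# Remediation (run from an elevated prompt; uncomment what you need):
# New-LocalUser -Name 'daily' -Password (Read-Host -AsSecureString 'Password')  # everyday standard account
# Add-LocalGroupMember -Group 'Users' -Member 'daily'
# Set-NetFirewallProfile -All -Enabled True
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $OpenDnsServers
```

Run it from a normal (non-elevated) prompt first: if Test-AdminSession comes back True there, your everyday account is an administrator, which is exactly the situation step 6 warns against. The UAC check is worth reading alongside it, since EnableLUA set to 1 with ConsentPromptBehaviorAdmin set to 0 looks like UAC is on but never actually asks before elevating.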
