University of Calgary

Botnets and How to Avoid Them

Submitted by jmelliot on Tue, 2008-05-06 09:46.

Introduction
What is a botnet?
How does your computer become a bot?
Warning signs
How to protect yourself
Getting help

Introduction

Botnets are a fast-growing threat to computer users because of the inconspicuous and diverse methods they use to take over computers. Millions of computers around the world are believed to be compromised, and the numbers continue to grow. It is important to understand this threat and how to avoid it.

What is a botnet?

A botnet, which is short for robot network, is a group of computers that have been taken over and controlled remotely. Known as zombie computers or bots, these computers for the most part operate like a normal computer, leaving owners unaware that their machine is infected. They typically receive instructions from a central PC that is known as the command-and-control centre. A botnet is usually made up of tens or hundreds of thousands of home computers.

Bots were originally designed to help transmit spam. Since their creation, they have been modified to engage in illegal activities as well.

Botnets are commonly used for:

  • DDoS (distributed denial of service) attacks
    DDoS attacks attempt to overload a site in order to disrupt business by creating a loss of connectivity or connection bandwidth.
  • Click-fraud
    Certain advertising firms pay website hosts a small fee every time an ad of theirs is clicked on. Some botnets take advantage of this by having computers access the site repeatedly in order to fraudulently obtain payment from the advertiser.
  • Phishing campaigns
    These are used to harvest email addresses. Zombies within a botnet are used to send out spam and phishing email in order to collect addresses to add to their spamming lists.
  • Keylogging
    Software is installed that records keyboard activity and sends it back to the botnet. Keylogging programs try to gain your personal information, such as usernames, passwords and credit card numbers.
  • Hosting malicious websites
    Botnets can use home computers to create malicious websites that download malware when accessed.

Some botnets can also install malicious software that causes infected computers to infect other computers. Since these botnets get their instructions from other hacked computers, it can be hard to trace which computer is the command-and-control centre.

How does your computer become a bot?

Home computers that have security vulnerabilities are prime targets for botnets. Spammers scan the Internet looking for computers that are unprotected and use these “open doors” to install malicious software. Another tactic is phishing or spam emails that contain links or attachments; when these are clicked on or opened, malware is installed on the machine. Furthermore, visiting certain websites can result in malicious software being installed. This malicious software may cause your computer to run slower, lead your ISP (Internet Service Provider) to shut down your account for spamming, or make you a victim of identity theft.

Warning signs

Your computer may be part of a botnet if:

  • Your computer suddenly starts operating slowly or erratically
  • You receive emails accusing you of sending spam
  • You have email messages in your outbox that you didn’t send

How to protect yourself

To prevent your computer from becoming infected:

  • Use up-to-date anti-virus and anti-spyware software
    Look for software that removes viruses and updates itself automatically on a daily basis. Be wary of ads on the Internet offering spyware software, as this might be a ploy to get you to download malicious code.
  • Set your operating system software to download and install security patches automatically
    These security patches, released monthly by Microsoft, help fix any flaws companies find in their operating system, which in turn helps to give your computer the latest protection.
  • Ensure that your firewall is turned on
    Firewalls are designed to prevent hackers from accessing your computer by making you invisible on the Internet. They help to block incoming communications from unauthorized sources. Many operating systems, like Windows and Mac OS X, have built-in firewalls; however, you may need to check that the firewall is enabled. Routers have hardware firewalls. It is especially important to have your firewall enabled if you have a broadband connection, because the connection is always open. For more information see http://www.ucalgary.ca/it/security/firewalls.
  • Be cautious about opening any attachments, or downloading any files from emails you receive
    Even if the email is from a friend or co-worker, be careful about what you choose to open since their computer could be compromised. If you send an email attachment, explain in the email what the attachment is.
  • Be careful what you download from the Web
    Only visit sites you trust. It is recommended that you use a web browser that has security features, or use a program like SiteAdvisor that checks the status of websites to ensure that they are safe to visit and use.
  • Turn off your computer when you aren’t using it
    If you’re disconnected from the Internet, hackers can’t get to you.

Getting help

If you think your computer has been infected, contact the IT Support Centre at 403-220-5555 or email itsupport@ucalgary.ca.

For more information on botnets, see http://www.shadowserver.org.