What is a Botnet?
A botnet (Robot Network) is a global network of computers remotely controlled by a single controller. Control is usually established through a virus infection. In most situations, a machine within a botnet may not even show signs of being controlled remotely.
Botnets are often used to perform attacks from multiple computers on a single host or group of computers. These attacks include attempts to break security and distributed denial of service (DDoS) attacks. Botnet software can also steal personal information, identities, and passwords.
How can I become compromised into a botnet?
Botnet attacks occur when someone (or something) gains unauthorised access to your computer or network. This can come in a variety of forms, such as remote control methods, key loggers, viruses, trojans, and malware. A compromised machine is called a zombie.
You can protect against infection by keeping your operating system and software up to date, using antivirus, and treading carefully around unsolicited messages and pirated files.
Who is doing it?
The people behind botnets and hacking in general are quite varied, ranging from:
- hackers and 'script kiddies' - looking for bragging rights;
- businesses trying to better position themselves over the competition;
- criminals wanting information to sell on the black market for financial gain; and
- spies or terrorists wanting vital information of national interest.
There is also a market for disrupting others for commercial benefit. For example, a botnet might damage a business network to disrupt productivity for days, weeks, or even months. Without proper business continuity or disaster recovery planning, a botnet could do untold damage to a company.
You might think this doesn't affect a residential customer, but unfortunately it does. Additionally, malware can infect a work environment through its employees. Home users can infect commercial machines by sending infected emails to work, or bringing in portable storage from home.
How viruses are hidden - Piracy and Unsolicited Files
Pirated material is a common way to deliver viruses. Trojans and malware can do anything from stealing your data to infecting your system or attacking others. This malware can be hidden in all forms of pirated material, including pictures, programs, and audio.
Often the 'key generators' or 'cracks' carry these sneaky hidden 'features', even when the program or file itself does not. Software may seem to function fine, while the malicious software works in the background.
Viruses can also be sent in emails. If you receive an unsolicited message containing an attachment, treat it as spam and delete it immediately.
How do I tell if I have been compromised?
Compromised Windows machines may perform slowly or show a marked increase in Internet usage. Symptoms usually start after an unexpected reboot. Once Windows resumes, the Windows Firewall will be disabled.
You may also be unable to get Windows updates, or browse security vendor websites.
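The symptoms above can be checked from a PowerShell prompt. This is an added example, not an Internode tool; it assumes Windows 10 or later with PowerShell 5.1, and the host names in $Sites are assumptions chosen for illustration.

```powershell
# Added example: looks for the symptoms listed above. It reports, it does not clean.
# Host names are illustrative assumptions; substitute your own update/vendor sites.
$Sites = @('update.microsoft.com', 'www.malwarebytes.com')

function Get-CompromiseSymptoms {
    param([int]$Days = 14)
    $findings = @()

    # Symptom: Windows Firewall disabled (any profile switched off is reported).
    # Note: some third-party security suites turn these off legitimately.
    foreach ($fwProfile in Get-NetFirewallProfile) {
        if ("$($fwProfile.Enabled)" -ne 'True') {
            $findings += "Firewall profile '$($fwProfile.Name)' is disabled"
        }
    }

    # Symptom: unexpected reboot. Windows logs event ID 6008 in the System
    # log when the previous shutdown was not a clean one.
    $filter = @{ LogName = 'System'; Id = 6008; StartTime = (Get-Date).AddDays(-$Days) }
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue
    foreach ($e in $events) {
        $findings += "Unexpected shutdown recorded at $($e.TimeCreated)"
    }

    # Symptom: unable to get Windows updates (update service missing or disabled).
    $wu = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    if (-not $wu) {
        $findings += 'Windows Update service not found'
    } elseif ($wu.StartType -eq 'Disabled') {
        $findings += 'Windows Update service is disabled'
    }

    # Symptom: unable to browse update or security vendor sites.
    # Only meaningful while other websites still load normally.
    foreach ($site in $Sites) {
        if (-not (Resolve-DnsName -Name $site -ErrorAction SilentlyContinue)) {
            $findings += "Cannot resolve $site"
        } elseif (-not (Test-NetConnection -ComputerName $site -Port 443 `
                    -InformationLevel Quiet -WarningAction SilentlyContinue)) {
            $findings += "Cannot reach ${site} on port 443"
        }
    }
    return $findings
}

$result = Get-CompromiseSymptoms
if ($result) { $result } else { 'None of the listed symptoms were found.' }
```

A clean result does not prove the machine is uninfected, and a single finding on its own can have an innocent cause; several together match the pattern described above.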
What to do if I have become compromised?
There is no easy answer with system compromises. You will need a knowledgeable person to assist in removing the infection.
A good first step is to remove the computer from the network and restart it in 'Safe Mode'. In Safe Mode, it might be possible to disinfect a machine using a program such as MalwareBytes. You'll need to download MalwareBytes on another computer and transfer it to the infected computer on a USB device.
How to make a complaint
It can be hard to make a complaint about some forms of intrusion, as identifying the source is often problematic.
Australian law only has jurisdiction if the system or computer server where the content is hosted is in Australia, or if the offender causing the intrusion, disruption, or impairment is an Australian citizen.
If the intrusion doesn't meet one of those criteria it becomes difficult for the law to handle locally reported cases. This is one of the reasons why so few cyber criminals are caught.
Spam and phishing are another matter. Spam can be reported to the host of the offending email or to your spam filter vendor, so they can update the filter to block it for others. You can also report spam to the Australian Government at http://www.acma.gov.au.
If you receive an unsolicited email asking for your Internode credentials, please forward it to Internode at [email protected]. This will allow us to track down and stop the sender and/or prevent the emails reaching other Internode customers.