PCW is running an interesting article about the several botnets out there that together control more than a million machines, which could mean more than nine billion pieces of spam slung into our inboxes.
It’s safe to say that the majority of the junk mail (spam) we receive is sent from compromised computers and networks. These machines are typically compromised by malware, often hidden by a rootkit, whose payload enrolls the machine in a botnet.
A botnet is a network of compromised computers, usually controlled by a small, select few users. The purposes of controlling hundreds of thousands of machines at a time include bragging rights, extortion, spam, and DDoS attacks. Not only is it lame, it’s extremely illegal; hence the FBI busting three of the largest US-based botnet owners in Mitnick-style hardcore fashion during June 2007.
The FBI (and many online experts) suggest that you:
- Use a Firewall, and Verify It’s Turned On
- Install and/or Update Anti-Virus Software
- Install and/or Update Anti-Spyware Software
- Install Operating System Patches
- Be Careful What You Download
- Turn Off Your Computer, When Not Using It
In my experience in helping your average Internet user (read: AOL users), they couldn’t point to their anti-virus software even if it was blinking at them. They couldn’t show me where their firewall is, or how to get OS updates. They aren’t aware of what Spybot is, nor how to update AV software. This is scary.
I know some of the network operators at AOL, and in passing we discussed the likelihood of bad traffic (meaning spyware/malware/botted users) passing through the AOL network. They shared with me a very high number, but I won’t share it. Let’s just say if I had those odds with the lottery, I’d be a very rich man.
Now, it’s not totally the user’s fault. I lay the majority of the blame on the ISP. At no point (besides my side-channel blogging) has AOL ever educated users about botnets or provided them with resources to identify one. Instead of, say, informing users about important OS updates, they present them with refinancing ads with a dancing gorilla. (Please, tell me that the CTR is low.)
Unless everyone takes considerable ACTION to scan their computer, update it and routinely format it and reinstall — everyone will suffer with more spam in their Inbox.
The problem with typical AV software (McAfee, Norton) is that it fails to monitor system activity in the way that botnet software behaves. Most bot infections arrive by means of pharming or phishing and install malware, often with a rootkit to hide it. Typical AV software checks a file’s signature and determines whether it matches a list of known “bad” signatures. Now, if a file is able to change its signature with every variation and obfuscate its activity by using a rootkit, signature-based AV software has little chance of detecting it.
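To make the two halves of that point concrete, here is an added example (my own illustration, not code from the article or from any AV vendor): a hash-based signature check that catches a stand-in “known bad” file, a toy XOR repacker that defeats it by changing the bytes on disk without changing the behaviour, and a behavioural check that instead looks at what the machine does on the network, flagging hosts that fan out SMTP connections to many distinct destinations the way a spam bot does. The “malware” is an arbitrary byte string, the log lines are constructed, and their field layout is an assumption for this example.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a "known bad" file. It is an arbitrary byte string,
# not real malware; its hash plays the role of an AV signature.
KNOWN_BAD = b"BOT-SAMPLE v1: join channel, fetch template, send spam"
SIGNATURE_DB = {hashlib.sha256(KNOWN_BAD).hexdigest()}


def signature_scan(blob: bytes) -> bool:
    """Classic signature check: is the file's hash on the known-bad list?"""
    return hashlib.sha256(blob).hexdigest() in SIGNATURE_DB


def repack(blob: bytes, key: int) -> bytes:
    """Toy polymorphic packer: XOR every byte with a per-variant key.

    Unpacking (XOR with the same key) restores the identical payload, so the
    behaviour is unchanged, but every key yields a different file hash and
    therefore a different 'signature'."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255")
    return bytes(b ^ key for b in blob)


# Constructed connection-log lines for the behavioural check. The field layout
# (timestamp src_ip dst_ip dst_port) is an assumption for this example, not a
# real product's format. 10.0.0.5 behaves like a spam bot; 10.0.0.9 is a normal
# client talking to a single relay; 10.0.0.2 is the site's own mail server.
SAMPLE_LOG = """\
2007-06-13T10:00:01 10.0.0.5 203.0.113.10 25
2007-06-13T10:00:01 10.0.0.5 203.0.113.11 25
2007-06-13T10:00:02 10.0.0.5 203.0.113.12 25
2007-06-13T10:00:02 10.0.0.5 198.51.100.7 25
2007-06-13T10:00:03 10.0.0.5 198.51.100.8 25
2007-06-13T10:00:03 10.0.0.5 192.0.2.44 25
2007-06-13T10:00:04 10.0.0.9 10.0.0.2 25
2007-06-13T10:00:04 10.0.0.9 10.0.0.2 25
2007-06-13T10:00:05 10.0.0.2 203.0.113.10 25
2007-06-13T10:00:05 10.0.0.2 203.0.113.11 25
2007-06-13T10:00:06 10.0.0.2 198.51.100.7 25
2007-06-13T10:00:06 10.0.0.2 198.51.100.8 25
2007-06-13T10:00:07 10.0.0.2 192.0.2.44 25
2007-06-13T10:00:07 10.0.0.2 192.0.2.45 25
2007-06-13T10:00:08 10.0.0.5 93.184.216.34 80
"""


def spam_bot_candidates(log_text: str, threshold: int = 5, mail_servers=()):
    """Flag hosts that open SMTP (port 25) connections to many distinct
    destinations, which is how a spam bot behaves and how a normal desktop
    does not (a desktop client talks to one relay).

    Legitimate mail servers also fan out on port 25, so known relays are
    passed in `mail_servers` and skipped; without that allowlist the check
    would misfire on every MTA on the network."""
    fanout = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than crash on them
        _ts, src, dst, port = parts
        if port == "25" and src not in mail_servers:
            fanout[src].add(dst)
    return sorted(src for src, dsts in fanout.items() if len(dsts) >= threshold)


if __name__ == "__main__":
    variant = repack(KNOWN_BAD, 0x5A)
    print("original caught by signature:", signature_scan(KNOWN_BAD))  # True
    print("repacked caught by signature:", signature_scan(variant))    # False
    print("repacked unpacks to original:", repack(variant, 0x5A) == KNOWN_BAD)
    print("hosts behaving like spam bots:",
          spam_bot_candidates(SAMPLE_LOG, mail_servers={"10.0.0.2"}))  # ['10.0.0.5']
```

The repacker is deliberately trivial; real packers and polymorphic engines do the same thing with far more effort, and the lesson is the same: a hash or byte-pattern signature describes one file, not the behaviour, so one re-encoding is enough to dodge it. The network check catches the bot regardless of what its file looks like, but note the allowlist: without it, the site’s own mail server would be flagged alongside the bot, which is the kind of false positive that gets a behavioural rule switched off.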
See, now AOL had decent AV software that was able to detect rootkits, built on Kaspersky’s engine and rebranded as Active Virus Shield. I assume it wasn’t monetized, hence it was killed less than a year after its inception. Instead, users can receive a rather bloated version of McAfee rebranded with AOL logos and such.
A while back, I put together a guide on 4 ways to protect yourself from viruses, spyware, trojans and more. It may be worth a good read, too. Please share this info with your friends and family and help them not become a victim of a botnet.