Botnets: One Down, But How Many Are Still Out There?
By: Emma Kavanagh
Symantec’s successful disabling of 500,000 infected computers in the 1.9-million strong ZeroAccess network has made major headlines. This action was, no doubt, a major victory for Symantec and the computer protection industry as a whole, but it doesn’t necessarily mean that the threat from botnets is over.
ZeroAccess is considered one of the largest botnets in the world. Using its hijacked computers, ZeroAccess aims to commit click fraud and bitcoin mining. The system’s click fraud Trojan installs itself on compromised computers and then downloads online ads. Once that’s done, it generates fake clicks that can pay out big through pay-per-click advertising schemes. In the case of bitcoin mining, ZeroAccess uses its hijacked machines to steal virtual currency.
Symantec’s computer security experts were able to crack the ZeroAccess bot’s security enough to disable its operation on an estimated 500,000 computers in the network. The company, which produces Norton products, is now working with ISPs and CERTs worldwide to clean the remaining ZeroAccess-infected computers worldwide.
While Symantec’s successful counterattack on ZeroAccess is huge news, it doesn’t mean the threat from botnets is over. Cybercriminals are savvy and they will likely come up with newer and more creative ways to hijack computers for their own gain. As some security experts have pointed out, trying to wipe out botnets entirely is akin to tackling Australia’s rabbit problem. An unconditional win probably won’t ever happen, but continuing to fight is a must.
Understanding the Botnet Threat
A botnet is a type of malware that enables a hacker to hijack a computer for his or her own use. A hijacked computer is often called a “zombie” by computer security experts.
When a computer is infected with botnet malware it is programmed to perform automated tasks via the Internet without the actual computer owner knowing the actions are occurring. Botnets are often used to infect large numbers of computers at once for activities such as pay-per-click fraud, which is the case with ZeroAccess. Once a computer is hijacked for network use, that computer will also often be programmed to attempt to hijack other machines to increase the size of complexity of the illegal network.
Botnets can also be used to do such things as:
- Send out spam email from hijacked machines
- Spread viruses or even themselves
- Attack other computers and servers
- Commit other criminal acts, including fraud
When a botnet is operating on an infected machine, users may not notice anything wrong. It is possible, however, that a computer might slow down its operation speed as the criminal activity takes place in the background.
How To Tell If A Computer Is Infected
Detecting botnets and other forms of malware is fairly easy for those who operate online protection programs meant to detect botnets, Trojans, viruses and other malicious programs. Software packages, such as those developed by Norton, are designed to prevent infection and remove it if it is present. Some botnets, however, are difficult to detect and disable, which has been the case with ZeroAccess until now.
For those who don’t have protections in place, there are some signs that a botnet has turned a machine into a “zombie.” The signs include:
- A slowdown in computer operations
- Frequent crashes
Keep in mind that many of the symptoms of malware infection can also related to other computer- based problems.
Protecting From Infection
Protecting a machine from malware infection and avoiding it being taken over for use as a zombie is possible. The following steps can help prevent botnet infection:
- Install and use antivirus and antispyware programs from trusted, reliable sources.
- Make sure all used software is kept up to date.
- Use strong passwords and make sure they’re kept secret.
- Keep a firewall running at all times.
- Take care when using a flash drive. Make sure to run a malware scan before downloading files from a thumb or flash drive.
More information about this news and botnets: