Friday, April 11, 2008

Security needed to help battle botnet viruses

Botnet scams are often mistaken for a virus; however, they exist in a computer without the user being aware the machine is compromised.


According to the article “Botnet Scams are Exploding” by Byron Acohido and Jon Swartz in USA Today on March 17, botnets are largely unknown by the public.

"Botnet is a term used to describe a collection of compromised computer systems that are working together for some common, usually nefarious goal," said Curtis Larsen, assistant professor of computer science.

In the article, Rick Wesson, CEO of Support Intelligence, explained that 30 percent of the 800 million computers connected to the Internet are bots taking part in spreading e-mail spam, stealing data from shopping and banking Web sites, and bombarding Web sites in a "denial of service" attack.

A denial of service attack uses large numbers of bots to flood a particular Web site. All of this intensive traffic can cause the Web site to crash. This is a serious threat to large corporations' Web sites.

An example of phishing that students may relate to takes place on MySpace. When clicking on an illegitimate advertisement, the user is redirected to a Web page that makes it look as if the user has accidentally logged off. The user is tricked into entering his or her logon name and password. Now the hacker has total control of the account. Typically the hacker will post advertisements in the form of comments and bulletins, and the user's network of friends has no way of knowing the original user didn't actually post them. Also, the hacker has the user's e-mail address, and if the user uses the same password for his or her e-mail, that account can be compromised as well.

Users may not even be aware they are in the botnet network. Larsen said a compromised computer may exhibit symptoms similar to other virus compromises. He said the computer becomes unusually slow to respond or responds unreliably.

The botnet is not a virus. However, viruses can easily take advantage of machines that are part of a botnet.

"Hackers break into a machine, then install a code, which runs a botnet," said Chris Mosteller, campus systems administrator at DSC.

Luckily, anti-virus programs can detect botnets. Set up scheduled virus scans to occur automatically.

"The bottom line is, the program is running on your machine and you can't control it," Mosteller said.

According to www.fbi.gov, the FBI launched Operation Bot Roast last year. Operation Bot Roast was launched because the national security implications of the growing botnet threat are broad.

According to the Web site, hackers may use the computers themselves or they may rent out their botnets for a charge. The more computers they control, the more they charge their clients.

Instead of being invaded by a botnet, prevent it from happening in the first place. Mosteller said to keep the computer patched. This means updating the computer on a regular basis, and downloading security updates and service packs. Most operating systems prompt the user when there are new updates available.

"I recommend checking more than one source when trying to determine if a computer has unusual network traffic," Larsen said.

Larsen suggested monitoring network connections and network traffic rates. For Windows, the user can use the netstat command from the command prompt to monitor open connections and volume. Larsen said users can also download TCPView to help find unusual network connections. Other prevention strategies include e-mail filtering, staying away from untrusted Web sites, activating the port filter on the DSL or cable modem, and not downloading software from untrusted locations.
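As an illustration of the netstat check Larsen describes, the following Python sketch is an added example, not part of the original article. It summarizes `netstat -ano` output by process ID and remote port. The sample output is constructed, and the port 25 fan-out rule and its threshold are assumptions chosen because the article names e-mail spam as a common bot activity.

```python
from collections import defaultdict

# Constructed sample in the layout printed by `netstat -ano` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:49701     198.51.100.7:443       ESTABLISHED     2040
  TCP    192.168.1.10:49712     203.0.113.5:25         ESTABLISHED     4312
  TCP    192.168.1.10:49713     203.0.113.9:25         SYN_SENT        4312
  TCP    192.168.1.10:49714     203.0.113.20:25        ESTABLISHED     4312
  TCP    192.168.1.10:49715     203.0.113.41:25        SYN_SENT        4312
  TCP    [::1]:49720            [::1]:5357             ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    1234
"""

OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT"}

def parse_netstat(text):
    """Yield (remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skips headers, blank lines and UDP rows (no state column)
        _, _local, remote, state, pid = fields
        host, _, port = remote.rpartition(":")  # also handles [IPv6]:port
        if port.isdigit() and pid.isdigit():
            yield host, int(port), state, int(pid)

def summarize(text):
    """Map (pid, remote_port) -> set of distinct remote hosts contacted."""
    peers = defaultdict(set)
    for host, port, state, pid in parse_netstat(text):
        if state in OUTBOUND_STATES:
            peers[(pid, port)].add(host)
    return peers

def smtp_fanout(text, threshold=3):
    """PIDs reaching `threshold` or more distinct hosts on port 25 (assumed heuristic)."""
    return sorted(pid for (pid, port), hosts in summarize(text).items()
                  if port == 25 and len(hosts) >= threshold)

if __name__ == "__main__":
    for (pid, port), hosts in sorted(summarize(SAMPLE).items()):
        print(f"pid {pid:>5}  port {port:>5}  {len(hosts)} remote host(s)")
    print("SMTP fan-out PIDs:", smtp_fanout(SAMPLE))
```

A flagged process ID is only a lead to follow up, in line with Larsen's advice to check more than one source; a mail client or mail server on the machine will also open port 25 connections.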

Source : sun.dixie.edu/index.php?pg=story&storyid=3149
