How to Secure Your PC from Being a Part of Botnet

Posted by cyber-geek | Posted in Cyber Awareness | Posted on 22-03-2010

The recent Mariposa scam, which revealed the compromise of 12.7 million computers, shows the extent and severity of the botnet problem. Mariposa is only one of them; there are many more such botnets, like Conficker, Kraken, Srizbi, Zeus, Zdbot, etc., which have compromised millions of computers connected to the internet today. These in turn are actively trying to infect more and more computers every day. An article from the BBC saying that up to a quarter of PCs connected online are part of botnets tells us how grave the situation is.

Basics about Bots and Botnets
The term bot is related to the word robot. A computer system is first infected by a Trojan virus or similar malware; then the hackers who created this malware take over control of the system and operate it remotely for their own use. Since the infected computers obey the hacker's commands, they are also called bots or zombies.

A single bot is not of much use to the hacker. Thus, he first tries to increase the number of zombies by spreading the malware via the infected PC. In this way the network of bots grows and forms a botnet. A typical botnet contains a few hundred or a couple of thousand computers. However, there are a few botnets that contain millions of infected PCs. All of them serve the key master – the creator of the botnet.

How/where are they used?
The primary risk of using a PC-turned-bot is that all your confidential information (like bank accounts, credit card numbers, passwords, financial information or any such sensitive data) becomes available for the hacker to exploit. Bots also send spam, viruses and spyware to other computers on the internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.

Botnets are also used to perform other tasks online, like sending email spam, click fraud, spamdexing, launching denial-of-service (DoS) attacks, fast flux, access number replacements, etc.

How to check if your PC is a part of botnet
A PC whose internet connection turns inexplicably slow, either while browsing or while checking mail, may be showing a symptom of botnet infection. The malware used in botnet infections is specially designed to hide itself even while carrying out its automated processes. Thus, it is sometimes hard to track down even with an antivirus installed on your PC. However, Prevx suggests a small technique you can follow to check whether your PC is part of a botnet when your internet becomes slow. The process is as follows:

  1. Close all your browsers and email software (like Thunderbird, Outlook, etc.).
  2. Open Task Manager: press CTRL+ALT+DEL together and then select Task Manager from the window.
  3. Open the Networking tab and observe the graph or the Network Utilization percentage below the graph. If it shows a higher percentage than usual, it might indicate that your PC is infected.

If the above is true in your case, the next steps are:

  • Immediately disconnect from the internet by unplugging the LAN cable.
  • Use a rescue disk (like the Norton antivirus rescue disk) and scan your computer thoroughly.
  • Replace your antivirus immediately with a superior one and run a thorough scan (because the existing one has already proved ineffective).
  • Reconnect the PC to the internet and update MS Windows, the antivirus database, your browser, Adobe Reader, and other vulnerable applications that are installed on your PC.
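
The idle-traffic check in steps 1 to 3 can also be scripted. The following PowerShell is an added example, not part of the original post or of the Prevx technique; it assumes Windows 8 or later (for Get-NetTCPConnection) and an English-locale counter name, and the 30-second window and 50 KB/s threshold are assumed values to replace with your own baseline.

```powershell
# Added example: run AFTER closing browsers and mail clients (step 1 above).
$SampleSeconds        = 30     # assumed observation window
$ThresholdBytesPerSec = 50KB   # assumed "more than usual" level; tune to your baseline

# Sample throughput on every network interface once per second.
# The counter path below is the English-locale name (assumption).
$samples = Get-Counter -Counter '\Network Interface(*)\Bytes Total/sec' `
    -SampleInterval 1 -MaxSamples $SampleSeconds

# Average the samples per interface, the scripted form of watching the graph.
$perInterface = $samples.CounterSamples |
    Group-Object InstanceName |
    ForEach-Object {
        $avg = ($_.Group | Measure-Object -Property CookedValue -Average).Average
        [pscustomobject]@{
            Interface      = $_.Name
            AvgBytesPerSec = [math]::Round($avg)
        }
    }
$perInterface | Sort-Object AvgBytesPerSec -Descending | Format-Table -AutoSize

# If the idle machine is still moving data, show which processes hold
# established connections to non-loopback addresses so they can be reviewed.
$busy = $perInterface | Where-Object { $_.AvgBytesPerSec -gt $ThresholdBytesPerSec }
if ($busy) {
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process = $p.ProcessName
                ProcId  = $_.OwningProcess
                Path    = $p.Path     # empty for protected processes unless elevated
                Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            }
        } |
        Sort-Object Process, Remote | Format-Table -AutoSize
} else {
    'Idle traffic is below the threshold on all interfaces.'
}
```

Background services such as Windows Update also generate idle traffic, so an unfamiliar process name or executable path in the list is a reason to run the scan steps above, not proof of infection.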


Ideal NTFS Formatting in Windows

Posted by cyber-geek | Posted in Computer maintenance | Posted on 10-03-2010

The advanced features of NTFS (New Technology File System), like recoverability in the event of a system failure, file compression, security controls for files, EFS (Encrypting File System), disk space quota management, etc., have made it preferable to the FAT file system. Except in situations such as a multiple-boot configuration, NTFS is an ideal file system to use for your hard drive.

Before Formatting an NTFS volume
For better performance of your NTFS volume, it is essential to evaluate which types of files will be stored on the volume and how big they will be. This decides whether to use the default cluster size for the NTFS partition or to configure it manually. Clusters are the units in which the files of a file system are managed. Choosing an ideal cluster size not only saves disk space but also improves the performance of the volume.

Choosing a Cluster size
The default cluster size values of NTFS formatting in Windows NT/2000/XP are as follows:

Size of Logical Volume (Drive Size)    Default Cluster Size
< 512 MB                               512 Bytes
> 512 MB to 1 GB                       1 KB
> 1 GB to 2 GB                         2 KB
> 2 GB *                               4 KB

* A volume greater than 2 TB is not supported in Windows NT due to limitations of MBR.

A manually created partition can be assigned a cluster size of 512 bytes, 1 KB, 2 KB, 4 KB, 8 KB, 16 KB, 32 KB or 64 KB. However, a cluster size of more than 4 KB does not support compression on volumes (you might have seen that the default cluster size does not exceed 4 KB in the above table).

If you are going to use your HDD for saving regular working documents like xls, doc, etc., it is good to use a small cluster size so that disk space is not wasted. However, if you will be saving large multimedia files, then it is good to use a large cluster size. This will help improve the performance of the logical volume.
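
To evaluate how big the files on a volume will be, an existing folder of representative files can be measured against each candidate cluster size. The following PowerShell is an added example, not part of the original post; the default folder path is an assumed sample location, and the figure is an estimate because very small files that NTFS keeps inside the MFT record are counted as using a full cluster.

```powershell
# Added example: estimate wasted (slack) space per candidate NTFS cluster size.
param([string]$Path = "$env:USERPROFILE\Documents")   # assumed sample folder

# The manual cluster sizes listed in the text above.
$clusterSizes = 512, 1KB, 2KB, 4KB, 8KB, 16KB, 32KB, 64KB

$files = @(Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue)
if ($files.Count -eq 0) { throw "No files found under $Path" }

$dataBytes = ($files | Measure-Object -Property Length -Sum).Sum

$clusterSizes | ForEach-Object {
    $cluster   = $_
    $allocated = 0L
    foreach ($f in $files) {
        # A file occupies a whole number of clusters; the unused tail of
        # its last cluster is slack that no other file can use.
        $clusters   = [math]::Ceiling([double]$f.Length / $cluster)
        $allocated += [long]($clusters * $cluster)
    }
    $slack = $allocated - $dataBytes
    $pct   = if ($allocated -gt 0) { [math]::Round(100 * $slack / $allocated, 2) } else { 0 }

    [pscustomobject]@{
        ClusterBytes = $cluster
        Files        = $files.Count
        DataMB       = [math]::Round($dataBytes / 1MB, 1)
        AllocatedMB  = [math]::Round($allocated / 1MB, 1)
        SlackMB      = [math]::Round($slack / 1MB, 1)
        SlackPercent = $pct
        Compression  = ($cluster -le 4KB)   # compression limit stated in the text above
    }
} | Format-Table -AutoSize
```

A folder of small office documents shows the slack percentage climbing quickly as the cluster size grows, while a folder of large multimedia files shows almost no difference.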

Maximum sizes in NTFS
NTFS has certain limits for file size, volume size and number of files per volume. The limits, according to Microsoft, are as follows…

  • The maximum size of an NTFS volume is 256 Terabytes minus 64 KB (thus, even a PC with 1 TB of disk space can be formatted into a single NTFS volume without any issues).
  • The maximum size of a file you can store in an NTFS volume is 16 Terabytes minus 64 KB.
  • The maximum number of files you can store in an NTFS volume is 4,294,967,295. However, if the number of files exceeds 300,000, it is recommended to disable automatic short-file name generation (use this link to find the procedure: http://support.microsoft.com/kb/210638). This will speed up file and folder access on the system.


Hackers who created botnet with 12.7 million computers busted

Posted by cyber-geek | Posted in Major Developments | Posted on 08-03-2010

Spanish police working with the FBI and other police forces have arrested three suspects for running the world’s biggest computer hacking scam through a network of bots called Mariposa.

This is a crucial win for security experts over hackers and a relief to the millions of people who use the internet every day. The Mariposa botnet is spread across 190 countries and has infected over 12.7 million computers. These range from computers of US Fortune 1000 companies to computers of major banks. Spanish police reported the recovery of details like bank account details, credit card numbers, usernames, passwords, etc., of over 800,000 people. The amount of loss due to this botnet is yet to be determined.

Mariposa is the Spanish word for butterfly. It was announced as a new botnet by Defence Intelligence in May 2009. This bot is known to spread through crucial vulnerabilities in Internet Explorer as well as through contaminated USB sticks. It is very hard to nab the creators of a botnet, as these criminals operate by disguising the source of their internet traffic or by working through an infected computer (called a zombie) belonging to another person. It seems that it was a blunder made by one of the operators of Mariposa, forgetting to conceal their IP address, that helped Spanish police catch this gang.

The infected computers still remain tainted. The worst part is that most of the owners are still not aware that their computer is part of a botnet. Use a reliable, robust and updated antivirus solution on your PC to detect any traces of a botnet.
