How to Secure Your PC from Being Part of a Botnet

Posted by cyber-geek | Posted in Cyber Awareness | Posted on 22-03-2010


The recent Mariposa scam, which revealed the compromise of 12.7 million computers, shows the extent and severity of the botnet problem. Mariposa is only one of them; there are many more such botnets, like Conficker, Kraken, Srizbi, Zeus, Zdbot, etc., which have compromised millions of computers that are connected to the internet today. These in turn are actively trying to infect more and more computers every day. An article from the BBC saying that up to a quarter of PCs connected online are part of botnets tells us how grave the situation is.

Basics about Bots and Botnets
The term bot is related to the word robot. A computer system is first infected by a Trojan virus or other such malware; then the hackers who created this malware take control of the system and operate it remotely for their own use. Since the infected computers obey the hacker's commands, they are also called bots or zombies.

A single bot is not of much use to the hacker. He therefore first tries to increase the number of zombies by spreading the malware via the infected PC. In this way the network of bots grows and forms a botnet. A typical botnet contains a few hundred or a couple of thousand computers. However, there are a few botnets that contain millions of infected PCs, all of them serving the key master: the creator of the botnet.

How/where are they used?
The primary risk of using a PC-turned-bot is that all your confidential information (like bank accounts, credit card numbers, passwords, financial information or any such sensitive data) becomes available for the hacker to exploit. Bots also send spam, viruses and spyware to other computers on the internet in order to spread their botnet. These are automated processes and do not require commands from the hacker each and every time.

Botnets are also used to perform other tasks online, like creating email spam, click fraud, spamdexing, launching denial-of-service (DoS) attacks, fast flux, access number replacements, etc.

How to check if your PC is a part of botnet
An Internet connection that turns inexplicably slow, either while browsing or while checking mail, can be a symptom of botnet infection. The malware used in botnet infections is specially designed to hide itself even while carrying out its automated processes. Thus, it is sometimes hard to trace even with an antivirus installed on your PC. However, Prevx suggests a small technique you can follow to check whether your PC is part of a botnet when your internet becomes slow. The process is as follows:

  1. Close all your browsers and email software (like Thunderbird, Outlook, etc.).
  2. Open Task Manager: press CTRL+ALT+DEL together and then select Task Manager from the window.
  3. Open the Networking tab and observe the graph or the Network Utilization percentage below the graph. If it shows a higher percentage than usual, this might indicate that your PC is infected.

If the above is true in your case, the next steps are:

  • Immediately disconnect from the internet by unplugging the LAN cable.
  • Use a rescue disk (like the Norton antivirus rescue disk) and scan your computer thoroughly.
  • Replace your antivirus immediately with a superior one and run a thorough scan (because it is already proved that the existing one is ineffective).
  • Reconnect the PC to the internet and update MS Windows, your antivirus database, browser, Adobe Reader, and other vulnerable applications that are installed on your PC.
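
The Task Manager check above shows only total network utilization. As an added example (not part of the original post), this script goes one step further and lists which processes still hold connections to outside hosts once browsers and mail clients are closed. It parses the output of the Windows commands `netstat -ano` and `tasklist /fo csv /nh`; the sample output, addresses and process names below are constructed for illustration.

```python
import csv, io, ipaddress
from collections import defaultdict

# Constructed `netstat -ano` output, as if captured after closing browsers and
# mail clients. Remote addresses are documentation ranges, not real hosts.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5354         127.0.0.1:49170        ESTABLISHED     1520
  TCP    192.168.1.20:49201     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49233     203.0.113.45:6667      ESTABLISHED     3148
  TCP    192.168.1.20:49240     203.0.113.45:6667      ESTABLISHED     3148
  TCP    192.168.1.20:49251     198.51.100.7:25        SYN_SENT        2760
  TCP    [::1]:49180            [::1]:5354             ESTABLISHED     1520
  UDP    0.0.0.0:5355           *:*                                    1096
"""
# Constructed `tasklist /fo csv /nh` output; process names are made up.
SAMPLE_TASKLIST = '''"System","4","Services","0","300 K"
"example-updater.exe","3148","Console","1","8,204 K"
"example-helper.exe","2760","Console","1","5,116 K"
'''
# Loopback, link-local and private ranges: traffic to these stays local.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def is_external(host):
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
    return not any(ip.version == n.version and ip in n for n in LOCAL_NETS)

def outbound_by_pid(netstat_text):
    """PID -> sorted external endpoints with a live or in-progress TCP connection."""
    found = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # headers, UDP rows (no state column), blank lines
        remote, state, pid = parts[2], parts[3], int(parts[4])
        if state in ("ESTABLISHED", "SYN_SENT") and is_external(remote.rsplit(":", 1)[0]):
            found[pid].add(remote)
    return {pid: sorted(eps) for pid, eps in found.items()}

def report(netstat_text, tasklist_csv):
    """List (pid, image name, endpoints) for every process still talking outward."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_csv)) if r}
    hits = outbound_by_pid(netstat_text)
    return [(pid, names.get(pid, "unknown"), hits[pid]) for pid in sorted(hits)]

if __name__ == "__main__":
    for pid, name, endpoints in report(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(pid, name, ", ".join(endpoints))
```

A process that appears here is not proof of infection, since updaters and sync tools also connect outward; it is the list of things to identify before moving on to the rescue-disk scan.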


Hackers who created botnet with 12.7 million computers busted

Posted by cyber-geek | Posted in Major Developments | Posted on 08-03-2010


Spanish police, working with the FBI and other police forces, have arrested three suspects for running the world’s biggest computer hacking scam through a network of bots called Mariposa.

This is a crucial win for security experts over hackers and a relief to millions of people who use the internet every day. The Mariposa botnet is spread across 190 countries, infecting over 12.7 million computers. These ranged from computers of US Fortune 1000 companies to computers of major banks. Spanish police reported the recovery of details like bank account details, credit card numbers, usernames, passwords, etc., of over 800,000 people. The amount of loss due to this botnet is yet to be determined.

Mariposa is the Spanish word for butterfly. It was announced as a new botnet by Defence Intelligence in May 2009. This bot is known to spread through crucial vulnerabilities in Internet Explorer as well as through contaminated USB sticks. It is very hard to nab the creators of a botnet, as these criminals operate by disguising the source of their Internet traffic or by working through an infected computer (called a zombie) belonging to another person. It seems that it was a blunder made by one of the operators of Mariposa, forgetting to conceal their IP address, that helped Spanish police to catch this gang.

The infected computers still remain tainted. The worst part is that most of the owners are still not aware that their computer is part of a botnet. Use a reliable, robust and up-to-date antivirus solution on your PC to detect any traces of a botnet.
