A botnet is a network of infected computer systems which are under the control of criminals. Typically, the compromised systems are used for fraudulent activity.
The computers are infected with one or more trojan viruses that make outbound connections to Internet Relay Chat (IRC) servers. When the trojans arrive at the IRC servers, they are given commands to perform actions such as attacks and spam runs. Also, trojans commonly include keystroke loggers, so as soon as the bots connect to an IRC server, the trojan pulls financial information, passwords, and additional information from the infected computer.
- The next time that computer is connected to the Internet, that trojan will start up an IRC client and connect to a server. Sometimes it is a real IRC server, but more often it is an IRC server which has been set up on a shell account and paid for with a stolen credit card. The trojan will also have been coded to make the bot join a certain channel once it has connected.
- The trojan may have been downloaded to the victim's computer by the following ways.
- Wrapped up in a file that looks innocent, usually a game crack or email attachment.
- The trojan virus may be named to make you think it is an anti-virus program.
- There was hidden code on a website that a person visited, which downloaded the virus to their machine.
- The major difference between a bot in a botnet, and your common eggdrop or IRC client script bot in a channel, is that the botnet variety have been created with a trojan and, almost always, without the knowledge of the person whose computer they are running from.
Botnets are commonly used to send spam and phishing scam emails. These emails are sent anonymously from the infected computers to thousands or more recipients at a time. This typically happens while the user is away from their computer. Much of the unsolicited email you receive probably comes from a bot running on an infected computer.
Today, it can be very difficult to detect the malicious software behind all of this. The processes are usually hidden until they detect that the system has been idle for a while.
There are a number of tools that you can download and run to remove the more common infections. However, not all malicious software can be detected or completely removed. If you have been advised that your system is likely infected with a virus, it is best to back up your important files and re-image your system.
Protection Against Botnets
Today, one of the best ways to keep yourself protected is to promptly update your operating system, security software, Adobe Acrobat / Flash, and Sun / Java software as soon as updates are available. Update notifications display in the following ways.
- Windows users access the small pop-ups on the lower right-hand corner of the screen.
- Mac users see a software update menu open after logging in.
You will never be notified of critical system updates via email, unless you have intentionally subscribed to receive these types of notifications from your software vendor. Also, do not click on links in email or web browser pop-ups claiming to be critical software updates. There are free malicious software scanner tools available which you can run in addition to your current anti-virus. Some of these trojans can't be identified with anti-virus software. It may be necessary in some cases to reformat a computer to destroy a trojan.