What to do about bots
Friday, July 18, 2014 - 8:16 AM
Last week I received an email from a reader asking what to do about a sudden invasion of bots on his computer. He had received several messages from his Internet provider Comcast, alerting him to the problem. He had several antivirus programs running, which had not detected any sort of malware. Did he really have a problem, and if so, what could he do about it?
Bots — short for robots — infect a computer and link it to a group of compromised computers, known as a botnet. A computer infected by a bot is often called a zombie PC. Once a bot infects your PC, it sends a message to its command-and-control server for instructions and becomes part of a rogue network, all working in unison. And the activity usually takes place when you're not using your computer: while you're sleeping your computer is silently doing a criminal's work.
Just last month, the U.S. Justice Department announced it had dismantled the Gameover Zeus botnet and charged a 30-year-old Russian with a slew of criminal counts. The purpose of the botnet was to steal banking credentials and then use them to make wire transfers overseas. Gameover Zeus was responsible for more than $100 million in losses. Of the 500,000 to 1 million compromised computers, about one-fourth were located within the U.S. The investigation spanned nearly three years.
“Gameover Zeus is the most sophisticated botnet the FBI and our allies have ever attempted to disrupt,” FBI Executive Assistant Director Robert Anderson said in a statement.
Botnets are also used to send spam and phishing emails and to perform distributed denial-of-service attacks, referred to as DDoS, which can cripple corporate and government websites. (The Spamhaus attack of March 2013 was one of the biggest DDoS attacks in history and disrupted huge sections of the Internet.)
Botnets are tough to detect, and false positives are common, which is why receiving a notice may not mean your computer is infected. Most antivirus companies and service providers such as Comcast use two methods in tandem to identify a possible botnet member.
First, data is gathered from reputable Internet research groups that specialize in bot identification, including a list of Internet Protocol addresses that are either infected or belong to bot command-and-control channels. Second, computers are monitored for suspicious behavior, such as sending out huge amounts of email in a short period of time, and that behavior is matched against known patterns of denial-of-service and spam attacks. But clever cybercriminals have created new ways of hiding their activities. As with any online security issue, botnet detection is a game of cat and mouse between cybercriminals and security experts.
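The two detection methods just described, intelligence matching and behavioral monitoring, can be run side by side over a network's outbound connection log. The following script is an added example written for this column; it is not Comcast's or any vendor's code. The threat-intelligence list, the log format, the hosts and the thresholds are all constructed for illustration (addresses come from the RFC 5737 documentation ranges), and the allow list of authorized mail relays shows why a behavioral hit alone is not proof of infection.

```python
"""Toy botnet-membership check combining the two methods described above:
1) destination addresses matched against a threat-intelligence list of known
   command-and-control (C2) servers, and
2) hosts that open an abnormal number of outbound mail (SMTP, port 25)
   connections within a short window.
Every address, log line and threshold here is constructed for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed intel feed: addresses a research group might publish as C2 servers.
C2_INTEL = {"203.0.113.5", "203.0.113.77"}


def build_sample_flows():
    """Construct outbound-flow log lines in a hypothetical key=value format."""
    base = datetime(2014, 7, 17, 3, 12, 0)
    lines = []

    def flow(t, src, dst, dport):
        stamp = (base + timedelta(seconds=t)).strftime("%Y-%m-%dT%H:%M:%S")
        lines.append(f"{stamp} src={src} dst={dst} dport={dport} proto=tcp")

    # 192.0.2.10: beacons to a listed C2 address, then opens 40 SMTP connections in 40 s.
    flow(0, "192.0.2.10", "203.0.113.5", 6667)
    for i in range(40):
        flow(1 + i, "192.0.2.10", f"198.51.100.{i + 1}", 25)
    # 192.0.2.11: a single ordinary HTTPS connection.
    flow(60, "192.0.2.11", "198.51.100.200", 443)
    # 192.0.2.12: the site's legitimate mail relay, bursty by design.
    for i in range(30):
        flow(70 + i, "192.0.2.12", f"198.51.100.{100 + i}", 25)
    # 192.0.2.13: one contact with a listed C2 address, no mail activity.
    flow(120, "192.0.2.13", "203.0.113.77", 8080)
    return lines


def parse_flow(line):
    """Parse one 'TIMESTAMP key=value ...' line into a dict."""
    ts_str, *kvs = line.split()
    fields = dict(kv.split("=", 1) for kv in kvs)
    fields["ts"] = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%S")
    fields["dport"] = int(fields["dport"])
    return fields


def intel_hits(flows, intel):
    """Method 1: map each source host to the listed C2 addresses it contacted."""
    hits = defaultdict(set)
    for f in flows:
        if f["dst"] in intel:
            hits[f["src"]].add(f["dst"])
    return hits


def mail_bursts(flows, max_per_window, window):
    """Method 2: peak count of SMTP connections per host inside any sliding window
    of length `window`; only hosts exceeding max_per_window are returned."""
    per_src = defaultdict(list)
    for f in flows:
        if f["dport"] == 25:
            per_src[f["src"]].append(f["ts"])
    flagged = {}
    for src, times in per_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count > max_per_window:
                flagged[src] = max(flagged.get(src, 0), count)
    return flagged


def assess(flows, intel, known_mail_servers=frozenset(),
           max_per_window=20, window=timedelta(minutes=1)):
    """Combine both signals into a per-host verdict with the supporting evidence.
    Hosts on the allow list are not accused on mail volume alone."""
    hits = intel_hits(flows, intel)
    bursts = mail_bursts(flows, max_per_window, window)
    report = {}
    for src in set(hits) | set(bursts):
        c2 = sorted(hits.get(src, ()))
        burst = bursts.get(src, 0)
        if c2 and burst:
            verdict = "likely bot"
        elif c2:
            verdict = "suspect: contacted known C2"
        elif src in known_mail_servers:
            verdict = "benign: authorized mail relay"
        else:
            verdict = "suspect: mail burst, corroborate before acting"
        report[src] = {"verdict": verdict, "c2_contacts": c2,
                       "peak_smtp_per_window": burst}
    return report


if __name__ == "__main__":
    flows = [parse_flow(line) for line in build_sample_flows()]
    for host, info in sorted(assess(flows, C2_INTEL, {"192.0.2.12"}).items()):
        print(host, info)
```

Only the host that both beaconed to a listed address and blasted mail earns the "likely bot" verdict; the mail relay trips the same volume threshold but is excused by the allow list, and the host that merely touched a listed address is reported as a suspect to be corroborated, which is the kind of case behind the false-positive notices the column mentions.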
Signs your computer may be compromised
Watch for undelivered email notifications in your inbox that you did not send. Likewise, look for new email addresses in your address book you did not create. You might also notice new toolbars at the top of your browser that you didn't install and any unusual error messages.
If you receive a warning or are suspicious
Comcast subscribers who receive a bot warning will be offered an opportunity to download a Norton security suite as well as security toolbars. They will also be directed to Xfinity's "Am I Botted?" site at https://amibotted.comcast.net/all-clear.html, which will likely confirm the warning.
But before you add resource-heavy software to your computer, or worse, pay a third party to investigate, try these steps to find out whether your computer has really become a slave to a criminal ring.
1. Run any existing security programs you have installed on your computer. If you find malware, proceed according to your program's directions.
2. If your first scan comes up clean, try the free version of Malwarebytes Anti-Malware, a powerful and lightweight program that can be downloaded safely at https://www.malwarebytes.org/antimalware/.
3. Comcast subscribers should run the "Am I Botted?" utility again after about 24 hours of running an antivirus scan. Customers often report an all-clear result.
4. You can also try a system restore, a Windows feature that turns your computer back to a previous moment in time. You can access the feature through your control panel. Choose a custom restore point that is at least a week earlier. I've had great success with this technique and largely avoided time-consuming scans.
Leslie Meredith has been writing about and reviewing personal technology for the past six years. She has designed and manages several international websites. As a mom of four, value, usefulness and online safety take priority. Have a question? Email Leslie at firstname.lastname@example.org.