*propeller head alert! When I wrote this it all made perfect sense ... to me. If you're a normal non-techie sort, skip down to "Got it – so what do I do?"
I’m reading a lot about botnets and rootkits these days. There are even a few companies set up just to track and fight these ‘armies’.
So what are they? Wikipedia defines them as:
Botnet is a jargon term for a collection of software robots, or bots, which run autonomously and automatically. They run on groups of "zombie" computers controlled remotely. This can also refer to the network of computers using distributed computing software. AKA (zombie computers running programs usually referred to as worms, Trojan horses, or backdoors)
A rootkit is a program (or combination of several programs) designed to take fundamental control of a computer system, without authorization by the system's owners and legitimate managers. Typically, rootkits act to obscure their presence on the system through subversion or evasion of standard operating system security mechanisms. AKA (malware, spyware, adware)
So. What’s that mean to me?
Botnets are designed for a larger attack. Rootkits are just for ripping you off. In either case it’s not good! One sign would be a computer that is running slow. It may just be the side effect of not running cleanup scripts on your registry, or running out of RAM – but then again, your computer may just be part of a botnet army doing processing for whoever runs it. I’ve read estimates of 25-50 million computers in the US and up to 150 million worldwide are infected with bots. They could be used for a variety of schemes, none of them attractive (e.g. phishing, pharming, DoS, …).
Rootkits such as SilentBanker (a Man in the Browser attack for those of you keeping score) and Infostealer are designed to get access to your bank accounts. As long as that backdoor is available to its boss (wherever he may be), your information on that computer, and the things you use it for, are not secure.
Got it – so what do I do?
I’m starting to consider rootkits/botnets something like herpes. Once you’re infected you may never get rid of it. There are some good anti-rootkits out there, but even the best ones seem to cover only 50-75% of the known problems. You’re much better off trying to avoid catching it in the first place! (see Candy Canes from strangers for tips on safe surfing).
Most of the firewalls I’ve tried lately also ‘flag’ results from search engines, letting you know if they’re safe or not. I see it in my system from Zonelabs and VCom. McAfee Site Advisor will check out the links on a page for you also.
update!
Here's a descriptive article from TechSpot on how bad things are getting, and a couple of good sites: Webroot, the market leader, and Prevx, which I haven't used but looks good.
update #2! (2-28)
Here's a description of a teenager going to jail for creating a botnet of 400,000 computers over 3 months. In this article "script kiddie" refers to someone who is computer savvy, but isn't the original author of the hacking tools they are using - they're just the one who has targeted and unleashed it.