What is a Botnet attack and How to Prevent it – Botnet detection | Prevention

botnet attack

What is botnet attack and how to prevent it? Its different from other attacks in which your system is being controlled by someone else. Your information is also being sold to third party companies. Now, directly jumping to the article which includes complete detection and prevention methods.

1. What is a botnet attack?

Botnet attack is sometimes difficult to detect, but not impossible. Have you noticed that your PC has suddenly slowed to a crawl for no apparent reason? It might be nothing, but it could be that your computer is busy doing other things, and by other things, I mean attacking other computers as part of a botnet controlled by hackers, or other assorted bad guys.

“How can this be? My anti-virus software is always up to date?” you say.

Botnet software is usually installed on computers by users who are tricked into loading it. The software might pass itself off as a legitimate product claiming to be an anti-virus scanner when in reality it is malicious Scareware. If once installed, it provides a gateway into your system for malware software developers to install things like rootkits and botnet.

2. What does it do?

The botnet software effectively sets your computer up to receive instructions from a master control terminal. This terminal is controlled by the botnet owner who is usually a hacker or other cybercriminal.

Yes, that’s right, you heard me correctly. Not only is your computer infected, but people are making money by selling the rights to use your computer (without your knowledge) to carry out attacks on other computers. Mind boggling isn’t it? It’s like someone renting out your car for someone else’s use. While the car is parked at a shopping center, and then putting it back before you discover it was gone.

A typical botnet may consist of tens of thousands of computers that are all controlled by a single command and control terminal. Hackers love using botnets because it allows them to combine the computing power and network resources of all the computers in the botnet to attack a single target. These attacks are called distributed denial of service attacks (DDoS).

file_iconAlso see our article
What is a trojan – Is it a virus or not?

These attacks work well because the target of the attack may not be able to handle the network and resource load of 20,000 computers all trying to access it at one time. Once the system is bogged down by all the DDoS traffic from the botnet, legitimate users might not be able to reach the server. This is extremely bad for business, especially if you’re a large electronic retailer where constant availability is your lifeblood.

Some of the bad guys will even blackmail the targets, telling them that if they pay them a fee, then they will stop the attack. Incredibly enough, some businesses will pay the blackmail fee just to get back in business until they can figure out how to better deal with the attacks.

3. How Do These Bot Nets Become So Large?

Malware developers who create the botnet software pay money via malware affiliate marketing programs to people willing to install their malware on victims’ computers. They may pay $250 or more per 1000 “installs”. Enterprising bad guys will use every means necessary to trick unsuspecting users into installing this crapware. They will link it in spam e-mails, post malicious links to forums, set up malicious websites, and anything else they can think of to get you to click the installer so they can get credit for another install.

The malware developer will then sell control of the botnets they have created. They will sell them in large blocks of 10,000 or more slave computers. The larger the block of slave bots, the higher the price they will ask.
It is really all about bad guys making money off of trafficking the use of your computer’s CPU cycles and your network bandwidth.

4. Botnet attack detection

Botnet detection is difficult, as bots are designed to operate without the user’s knowledge. However, there are some common signs that show a computer is infected with a botnet virus (listed below). While these symptoms are often indicative of bot infections, some can also be symptoms of malware infections or network issues. Thus should not be taken as a sure sign that a computer is infected with a bot.

  • Problems with Internet access.
  • Unexpected popups (as a result of click fraud activity)
  • Slow computing/high CPU usage
  • Spikes in traffic, especially Port 6667, Port 25 (email spamming), and Port 1080 (used by proxy servers)
  • Connection attempts with known C&C servers
  • Multiple machines on a network making identical DNS requests
  • High outgoing SMTP traffic (as a result of sending spam)
  • Outbound messages (email, social media, instant messages, etc) that are not sent by the user

5. How Can We Stop These from Enslaving Our Computers – Prevention Methods

1. Get a Malware-Specific Scanner

Your virus scanner might be awesome at finding viruses, but not so good at finding Scareware, rogue malware, rootkits, and other types of malicious software. You should consider getting something like Malwarebytes which is known for finding malware that often evades traditional virus scanners.

2. Get a "Second Opinion" Scanner

If one doctor says everything is good, but you still feel sick, you might want to get a second opinion from another doctor, right? Do the same for your malware protection. Install a second malware scanner on your computer to see if it might catch something that the other scanner missed. Surprisingly there are many things which one tool misses while another one catches.

3. Be on the Lookout for Fake Anti-Virus Software

In your search for malware protection, you could end up installing something malicious if you don’t do your research on the product first. Google the product to see if there are any reports that it is fake or malicious before you install anything. Never install anything that is sent to you in an e-mail or found in a pop-up box. These are often delivery methods for malware developers and malware affiliates.

If you want to be extra sure that the malware infection is gone then you should consider a performing full backup, wipe and reload of your computer to ensure that the malware is gone. If you have any queries then let us know from the comments section below.