Bots and Botnets: There Are Zombies Among Us

October is one of my favorite months of the year – the air is crisp, the leaves are beginning to change, pumpkins are everywhere, and Halloween is right around the corner. It’s also National Cyber Security Awareness Month and, as a way to pay tribute to this wonderful time of year, I’m dedicating this NJCCIC CyberLog to the topic of zombies. Now, I’m not talking about the brain-eating, Thriller-dancing, rotting corpses. I’m talking about something far more frightening – zombie computers! Zombie computers will ignore your commands, steal your private information, bombard email addresses with spam, launch attacks against networks, and try to infect other machines in order to create a large and powerful zombie computer army, called a botnet. Scary stuff, right?

How does a computer become a zombie?

There are a number of ways that a computer can succumb to “zombification” and morph into a “bot” to do evil’s bidding. As is the case with almost every computer infection, leaving machines unprotected and vulnerable to exploitation increases the risk for a potential botnet infection. The most common ways in which botnet infections occur include using outdated and unpatched software, not running up-to-date antivirus software, lacking or utilizing an ineffective firewall, using insecure browser plug-ins, visiting malicious websites, downloading software from untrusted sources, and using peer-to-peer (P2P) file sharing services. After a computer is successfully infected, it notifies the botmaster through a command-and-control (C2) server and awaits further instructions.

What’s the purpose of a botnet?

Cybercriminals create botnets in order to harvest as much computer power as possible for their malicious activities. Botnets are commonly used to launch distributed denial-of-service (DDoS) attacks, where the attacker commands infected computers to send as much network traffic as possible to a target like a website, network, or online service. This tactic can effectively make the target inaccessible to legitimate users. Botnets are also used to send spam emails in bulk, eliminating the cost of hiring an email distribution service and making it difficult for recipients, researchers, and law enforcement to trace the spam back to the sender. In addition to spam, botnets can distribute other types of malware by acting like a Trojan to deliver additional payloads to an already infected system. Cybercriminals use botnets for click-fraud to generate illicit advertising revenue by driving artificial network traffic to websites. Recently, botnets have been used for a new purpose, “Bitcoin mining,” where the botmaster uses the collective processing power of infected computers to solve complex mathematical equations to earn digital currency. Lastly, some botnets are offered for rent to cybercriminals who don’t have the time, inclination, or skill to create their own digital zombie army.

Don’t Get Recruited into the Zombie Army – Keep a Clean Machine.

It’s important to be aware of the botnet threat for several reasons. Not only can your private information be compromised, but you could inadvertently find yourself and your computer at the center of a criminal investigation if malicious activity is traced back to your IP address. Granted, evidence of botnet malware on your system can prove your innocence but you may be forced to surrender your computer to law enforcement until it undergoes a digital forensics examination. In addition, your Internet service provider (ISP) will likely detect unusual network traffic originating from your IP address and cancel your service with or without notice. Most importantly, each one of us should always strive to be good cyber-neighbors and responsible stewards of the Internet. It would certainly be awful to discover, after the fact, that your computer had been used in an attack against a crucial healthcare service or network, to distribute illegal and harmful content, or to defraud innocent people out of their hard-earned money. Education is key, so please share the following best practices with friends, family, and coworkers to help reduce and eliminate the spread of botnet infections.

• Make sure your antivirus software is up-to-date and actively running on your machine. If you don’t have antivirus software installed, get it. If you don’t know where to start, click here to see an impartial comparison of antivirus products by an independent computer security organization.
• Set your antivirus software and your operating system to download and install updates automatically.
•  Immediately install browser, plugin, and other software patches and updates when they become available – in other words, don’t click ‘remind me later’ and put it off for days or weeks.
• Don’t open emails from untrusted sources. If an email looks like it came from a familiar source but seems unusual in any way, speak with the sender on the phone or in person before clicking on any links or downloading any attachments.
• Make sure your email spam filters are set to the highest detection setting available.
• Don’t download files from untrusted sources and avoid using P2P file sharing networks, even if you know the sender. You cannot be sure if that person is using a safe and protected computer.
• If you detect unusual behavior on your system – such as excessive power consumption and data plan usage, sluggish performance, pop-up windows, unfamiliar applications or browser history entries – remove it from the network immediately and run a malware removal tool to get rid of the infection. If you are unsure of how to do this, contact a professional, but do not reconnect your computer to the network until the infection has been removed.

This year, don’t let your computer be a zombie for Halloween or else you may be setting yourself up for more tricks than treats. Make sure to stay safe when going online and keep up with the latest cybersecurity threats by becoming a member of the NJCCIC and encouraging others to do the same.