Some of your questions require a bit of background and additional definitions of related terms before I can deliver an answer that makes sense to you. This week’s question about botnets is one of them.
Webopedia defines a botnet as a type of bot running on an IRC network that has been created with a trojan. “Bot” is short for robot, which is a program that runs automatically. IRC stands for Internet Relay Chat, which is a type of program that allows people to have live discussions across the Internet with multiple people at one time.
It’s kind of like the old phone party line on steroids. I think most of you know that a trojan is a type of malware that masquerades as a good or benign application but is in reality destructive. Now put all these terms together and a botnet is a nightmarish deluge of messages being sent out over a network with malicious intent, possibly using your PC as one of the spam or virus senders or even part of an identity theft ring.
When an infected computer is on the Internet, the bot can start up an IRC client and connect to an IRC server. Multiple bots can then join together, and the person who made them can spam IRC chat rooms, launch huge numbers of Denial of Service attacks and cause servers and networks to go down. This is the intent of the malefactors behind the botnet. One serious problem with botnets is that member PCs often appear normal and the owners are unaware that they are part of the scam.
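For readers who look after a home or office network, the behavior described above can be looked for in connection logs. The following is an added example, not part of the original column: it flags cases where several internal PCs complete the IRC sign-on (NICK, USER, JOIN) and join the same channel on the same outside server. The log layout, the 10.0.0.0/8 internal range and the sample lines are assumptions made for illustration, and a legitimate IRC user would match too, so a hit is a reason to look closer rather than proof of infection.

```python
import ipaddress
from collections import defaultdict

INTERNAL = ipaddress.ip_network("10.0.0.0/8")   # assumed internal address range
HANDSHAKE = {"NICK", "USER", "JOIN"}            # IRC registration plus channel join

# Constructed sample; the "time src dst dport payload" layout is hypothetical.
SAMPLE_LOG = """\
09:00:01 10.0.0.5 203.0.113.9 6667 NICK xk2910
09:00:01 10.0.0.5 203.0.113.9 6667 USER xk2910 0 * :xk2910
09:00:02 10.0.0.5 203.0.113.9 6667 JOIN #cmd
09:00:07 10.0.0.8 203.0.113.9 6667 NICK pq7731
09:00:07 10.0.0.8 203.0.113.9 6667 USER pq7731 0 * :pq7731
09:00:08 10.0.0.8 203.0.113.9 6667 JOIN #cmd
09:01:00 10.0.0.7 198.51.100.4 443 GET /index.html HTTP/1.1
09:02:00 10.0.0.9 203.0.113.9 6667 NICK alice
"""

def irc_sessions(log_text):
    """Map (internal host, external server) -> (IRC commands seen, channels joined)."""
    sessions = defaultdict(lambda: (set(), set()))
    for line in log_text.splitlines():
        parts = line.split(None, 5)
        if len(parts) < 5:
            continue                                  # malformed or empty line
        _, src, dst, _port, cmd = parts[:5]
        arg = parts[5] if len(parts) == 6 else ""
        try:
            outbound = (ipaddress.ip_address(src) in INTERNAL
                        and ipaddress.ip_address(dst) not in INTERNAL)
        except ValueError:
            continue                                  # field is not an IP address
        if not outbound or cmd.upper() not in HANDSHAKE:
            continue
        cmds, chans = sessions[(src, dst)]
        cmds.add(cmd.upper())
        if cmd.upper() == "JOIN" and arg:
            chans.add(arg.split()[0].split(",")[0].lower())
    return sessions

def shared_channels(log_text, min_hosts=2):
    """Return {(server, channel): [hosts]} where several PCs joined the same channel."""
    members = defaultdict(set)
    for (src, dst), (cmds, chans) in irc_sessions(log_text).items():
        if cmds == HANDSHAKE:                         # count full sign-ons only
            for chan in chans:
                members[(dst, chan)].add(src)
    return {k: sorted(v) for k, v in members.items() if len(v) >= min_hosts}

if __name__ == "__main__":
    for (server, chan), hosts in shared_channels(SAMPLE_LOG).items():
        print(f"{server} {chan}: {', '.join(hosts)}")
```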
According to a recent study by the Georgia Tech Information Security Center (GTISC), the sophistication of this type of malware is growing rapidly and can threaten not only computers and networks but sensitive databases like those involved with healthcare and financial markets. More than 100 million computers are currently infected with botnets and the number is growing at an alarming rate. These computer robots have become the basis for cybercrime on a worldwide scale and Microsoft has recently called for infected computers to be quarantined from the Internet.
Microsoft sees botnets as the core platform for dispersing malware worldwide and calls for international cooperation to curtail malefactors. McAfee reported that at the end of 2009 almost half of the worldwide botnet infections came from just three international botnets which are so big that they have been assigned code names by security trackers. Operations in Brazil, Russia, India and Viet Nam were responsible for a quarter of all infections.
How can you know if you are part of a botnet, that is, if your PC is a zombie machine (controlled by someone else)? Here are some indicators: slowed PC performance, disabled virus software, a firewall that has been turned off, halted Windows updates, a Web browser that closes for no reason, an unresponsive mouse or keyboard, notices in your email that mail was undelivered to addresses you didn’t send to, and longer startups and shutdowns than normal.
Let me hear from you if you have several of these signs as it may be time for some cleanup.