What is a Botnet? How to Detect and Prevent It?
We hear the name botnet quite a lot in the cyber world, but what is a botnet? How can you identify and remove one? Today we will talk about this subject.
What is a botnet?
A botnet is a network of computers that are compromised and are under the control of an attacker. Each individual device in a botnet is called a bot. A bot is usually formed when a computer is infected with malware. This malware allows the crooks to control the computer remotely without the knowledge of the owner of the computer. The attackers who control these botnets are referred to as "bot masters" or "bot herders".
Attackers generally use botnets for a lot of purposes, most of them criminal. The most common applications for botnets include denial-of-service attacks, email spam campaigns, data theft and spreading adware/spyware. A botnet attack starts with bot recruitment. Bot masters usually recruit these bots by spreading worms, botnet viruses, or other malware. Computers can also be infected with bot malware through attacks on the web browser. Once a computer is infected with a botnet virus, it connects to the bot master's command and control (C&C) server. From there the attacker can communicate with and control the bot. When the botnet reaches the desired size, the herder can exploit the botnet and carry out attacks (overloading servers, stealing information, sending spam, click fraud, etc.).
Botnet Detection and Prevention
Detection of a botnet can be difficult, because these bots are designed to operate without the user's knowledge. But there are some common signs that can indicate a computer is infected with a botnet virus. Some of them are:
- IRC traffic (bot masters and botnets use IRC for communications)
- High outgoing SMTP traffic.
- Unexpected popups.
- Slow computing with high CPU usage.
- Spikes in traffic, especially on port 6667 (which is used for IRC), port 25 (which is used for email spamming), and port 1080 (which is used by proxy servers)
- Outbound messages that weren’t sent by the user
- Issues with Internet access
Some methods to prevent botnets are:
- Network baselining: Network performance and activity should be monitored so that irregular network behavior stands out.
- Software patches: All software on your computer should be kept up to date, especially security patches.
- Vigilance: Users should be trained to avoid activity that puts them at high risk of bot infections or any other malware.
- Anti-botnet tools: Anti-botnet tools can be used to get the best results.
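The port-based warning signs and the network baselining advice above can be combined into one check: learn how many outbound connections each host normally makes to ports 6667, 25 and 1080, then flag hosts that suddenly exceed that. The Python below is an added example, not part of the original article; the flow records, host addresses, the 3-sigma threshold and the floor of 5 connections are constructed assumptions.

```python
from collections import Counter
from statistics import mean, pstdev

# Ports the article lists as common botnet indicators.
WATCHED_PORTS = {6667: "IRC", 25: "SMTP", 1080: "proxy"}

def count_flows(flows):
    """Count outbound connections per (source host, destination port)."""
    return Counter((src, port) for src, port in flows if port in WATCHED_PORTS)

def build_baseline(history):
    """history: one flow list per past interval -> {(src, port): (mean, stdev)}."""
    intervals = [count_flows(flows) for flows in history]
    baseline = {}
    for key in set().union(*intervals):
        samples = [c[key] for c in intervals]  # Counter gives 0 when a pair is absent
        baseline[key] = (mean(samples), pstdev(samples))
    return baseline

def find_spikes(baseline, current, sigmas=3.0, floor=5):
    """Flag (host, port) pairs whose count exceeds mean + sigmas*stdev and a floor."""
    alerts = []
    for (src, port), seen in sorted(count_flows(current).items()):
        # A host never seen on this port has a baseline of zero.
        avg, dev = baseline.get((src, port), (0.0, 0.0))
        if seen >= floor and seen > avg + sigmas * dev:
            alerts.append((src, port, WATCHED_PORTS[port], seen, round(avg, 1)))
    return alerts

# Constructed sample data: one (source host, destination port) per outbound connection.
HISTORY = [
    [("10.0.0.5", 25)] * 40 + [("10.0.0.21", 443)] * 30,  # 10.0.0.5 is the mail relay
    [("10.0.0.5", 25)] * 44 + [("10.0.0.21", 443)] * 25,
    [("10.0.0.5", 25)] * 42 + [("10.0.0.21", 25)] * 1,
]
CURRENT = (
    [("10.0.0.5", 25)] * 43        # normal volume for the mail relay
    + [("10.0.0.21", 25)] * 60     # workstation suddenly sending mail
    + [("10.0.0.21", 6667)] * 8    # and opening IRC connections
    + [("10.0.0.30", 1080)] * 2    # below the floor, ignored
)

if __name__ == "__main__":
    for src, port, name, seen, avg in find_spikes(build_baseline(HISTORY), CURRENT):
        print(f"{src} -> port {port} ({name}): {seen} connections, baseline {avg}")
```

The mail relay is not flagged because heavy port 25 traffic is its normal behavior, which is the point of baselining per host instead of alerting on the port alone.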
Botnet Removal
Botnet detection is pretty useless without botnet removal skills. Once a bot is detected on a computer, it should be removed as soon as possible using security software with botnet removal functionality.
Hope this article provides basic information on what a botnet is and how it works.