
How to Tell If You’re Part of a Botnet


Earlier this year, Dyn, one of the biggest DNS providers, came under attack by a massive botnet. If you remember huge swaths of the internet going down for part of the day, that’s what that was all about. This was a Distributed Denial of Service (DDoS) attack, which basically means that a bunch of computers started sending requests to Dyn’s servers until the servers were overloaded and went down.

Take over my computer? But who would do such a thing?

In a way, it was people like you and me. But not voluntarily, of course. Rather, some hackers had installed malware on a bunch of computers and on the unsecured Internet of Things (IoT) devices of consumers, things like web cameras, DVRs, and thermostats, and used them to launch the DDoS attack against a target of their choosing.

Editor’s Note: Unclear what all the buzz about the Internet of Things is? Read our introduction to IoT. The article reviews the basics of IoT and why it’s important you understand them before filling your home with smart devices.

This is what they call a botnet. A botWhat??

A botnet is one part of a Command and Control (CnC) attack. Here’s how it works. Malicious groups spread malicious software (aka malware) to as many computers on the internet as possible; I’m talking millions of devices. Then, they sell the ability to control all those devices to someone even more malicious. These people then use the botnet to launch a coordinated attack across the internet. Normally this takes the form of a DDoS attack or an email spam storm. However, it can also be used to increase the size of the botnet by attacking more devices, or to silently sit back and just collect data from millions of infected devices.

The big attack on DynDNS was something of a test run. This was to demonstrate the power of a botnet. The damage was widespread, and the chaos was rampant, taking down huge services you likely use every day. In other words, a powerful marketing tool for peddlers of viruses and malware—don’t expect this to be the last you’ve heard about botnet attacks.

So, the question you are probably asking (or should be asking…) is this:

  1. How do I protect myself from becoming part of a botnet?
  2. And how can I tell if I’m already part of one?

How to Detect and Prevent Botnet Malware Infections

There’s good news and bad news here. The bad news is that botnet malware is meant to go undetected. Like a sleeper agent, it keeps a low profile on your system once it’s installed. In theory, your antivirus and security software should detect it and remove it. That is, as long as the antivirus companies know about it.

The good news is that there are some simple and free ways to limit the damage your computer can do if it becomes part of a zombie botnet.

  1. Use an alternative DNS provider. DNS stands for domain name service, and it’s the process by which domain names (e.g. groovypost.com) get translated into IP addresses (e.g. 64.90.59.127). This is a pretty basic function for the most part, and usually, your ISP handles it. But you can choose a different DNS server that has a little bit of added value. OpenDNS does that for you, but they also take the extra step of making sure you’re not accessing known malicious content. It’s sort of like if you were to call the operator and be like “Operator, connect me to Mr. Jones!” and the operator was like “Um, you know Mr. Jones is a total scam artist, right?” OpenDNS will also be able to tell you if you are part of a botnet by recognizing the patterns of known botnet attacks.
  2. Get a good router. If the DNS server is the operator between your house and the internet, your router is the operator between your ISP and your devices. Or maybe it’s like your DNS server is the FBI and your router is the local police force. Too many analogies? Okay, sorry. Anyway, in the same way that your DNS server can add a layer of security, your router can, too. My ASUS router detects malware and blocks malicious sites. Many modern routers do so as well. So, if you haven’t upgraded your router in 10 years, you should consider it, even if it’s working perfectly fine.
  3. Check botnet status sites. There are two sites that provide free botnet checks: Kaspersky’s Simda Botnet IP Scanner and Sonicwall’s Botnet IP Lookup. When you catch wind of a botnet attack, pop on to these sites to see if you’re part of the problem.
  4. Keep an eye on your Windows processes. If you open up the Task Manager in Windows 10, you can see which processes are using your network. Do a brief survey of these and take note of anything that looks suspicious. For example, it makes sense that Spotify is using the internet, but what about that weird process you’ve never heard of? For more info, check this out: Windows 10 Tip: Find Out What a Process Does the Easy Way. You might also want to check out Netlimiter for Windows and Little Snitch for Mac.
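
A scripted version of the process survey in step 4, as an added example (not from the original article): it joins the output of `netstat -ano` and `tasklist /fo csv /nh` to show which process holds each established connection. The sample output, PIDs and addresses are constructed, and English-language netstat state names are assumed.

```python
import csv
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses are documentation ranges).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:49670        127.0.0.1:5354         ESTABLISHED     3012
  TCP    192.168.1.20:49712     203.0.113.25:443       ESTABLISHED     4120
  TCP    192.168.1.20:49733     198.51.100.7:8080      ESTABLISHED     6604
  TCP    192.168.1.20:49734     198.51.100.8:8080      ESTABLISHED     6604
  TCP    [::1]:49671            [::1]:49672            ESTABLISHED     3012
  UDP    0.0.0.0:5353           *:*                                    2044
"""
# Constructed sample of `tasklist /fo csv /nh` output (rows are illustrative).
TASKLIST = '''\
"svchost.exe","968","Services","0","9,104 K"
"Spotify.exe","4120","Console","1","182,340 K"
"unfamiliar.exe","6604","Console","1","3,916 K"
'''

def remote_ip(endpoint):
    """IP part of 'addr:port' or '[v6addr]:port'; None for '*:*' or junk."""
    host = endpoint.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        return None

def network_survey(netstat_text, tasklist_text):
    """Map process name -> sorted remote IPs it has established TCP sessions with."""
    rows = csv.reader(tasklist_text.splitlines())
    names = {row[1]: row[0] for row in rows if len(row) > 1}
    survey = defaultdict(set)
    for line in netstat_text.splitlines():
        parts = line.split()
        # Established TCP rows are: proto, local, foreign, state, pid
        if len(parts) != 5 or parts[0] != "TCP" or parts[3] != "ESTABLISHED":
            continue
        ip = remote_ip(parts[2])
        if ip is None or ip.is_loopback:
            continue  # skip local inter-process traffic
        survey[names.get(parts[4], "pid " + parts[4])].add(str(ip))
    return {name: sorted(ips) for name, ips in survey.items()}

if __name__ == "__main__":
    for name, ips in network_survey(NETSTAT, TASKLIST).items():
        print(f"{name:20} {', '.join(ips)}")
```

A process name you do not recognise in this list is the one to look up before anything else.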

Those are the basic steps that any responsible tech user can do. Of course, as evildoers on the web continue to grow and their attacks grow more sophisticated, I encourage you to continue getting educated on how to stay safe online.

Have your devices ever been hijacked by a botnet? I want to hear about it! Share your story in the comments.


4 Responses to How to Tell If You’re Part of a Botnet

  1. Richard December 27, 2016 at 5:28 pm #

    Thanks for this important post. I checked under Kaspersky’s above and my computer is not part of the problem; however, I always get these messages when trying to go to target.com and sometimes other department stores as well. I have called Target and they don’t seem to know how to handle this message. My Desktop PC always says:

    Access Denied

    You don’t have permission to access “http://www.target.com/” on this server.
    Reference #18.a4a40517.1482888069.8140589

    THANK YOU!

  2. Jack Busch January 8, 2017 at 11:16 am #

    Hey Richard – that definitely sounds fishy. Did you ever get any more info? Access Denied is usually a server-side error. What browser do you use?

    You ought to check to see if your hosts file has been hijacked.

    Are you on Win 10?

    Press WIN + R and paste this in:

    c:\Windows\System32\Drivers\etc\hosts

    open it in notepad

    see if there is an entry for target or any other urls in there

    • Richard January 9, 2017 at 11:10 am #

      Thanks for your response. I finally found out what was causing the problem. After subscribing to “PRIVATE INTERNET ACCESS” some sites will block you stating “Access Denied”. After disconnecting from “Private Internet Access” I was able to access the websites in question. After leaving the websites, I then reconnect to “Private Internet Access” and everything seems to be fine now. I guess that is one place to check when having problems connecting to websites that deny access. THANK YOU!

  3. Jack Busch January 11, 2017 at 11:49 am #

    Ah makes sense – sounds like Target doesn’t want you accessing their site using a vpn or anonymizer. Interesting thank you for the update!!
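
The hosts file check suggested in the comments above, as an added example that is not part of the original post or its comments: it lists every active entry that is not a plain localhost mapping and separates names pinned to a real address from blocklist-style entries. The sample file, hostnames and addresses are constructed placeholders.

```python
import ipaddress
import sys

# Constructed sample hosts file (names and addresses are placeholders).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.tracker.example   # blocklist-style entry
203.0.113.66    www.shop.example shop.example
not-an-ip       broken.example
"""

# Names that normally appear in an untouched hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

def audit_hosts(text):
    """Return (line_no, kind, address, hostname) for every entry worth reviewing.

    kind is 'redirect' when a name is pinned to a real address (this overrides
    DNS for that site), 'sinkhole' when it points at loopback or 0.0.0.0, and
    'malformed' when the address field does not parse as an IP address.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        address, names = fields[0], fields[1:]
        try:
            ip = ipaddress.ip_address(address)
            kind = "sinkhole" if ip.is_loopback or ip.is_unspecified else "redirect"
        except ValueError:
            kind = "malformed"
        for name in names:
            if name.lower() not in LOCAL_NAMES:
                findings.append((line_no, kind, address, name.lower()))
    return findings

if __name__ == "__main__":
    # Pass the hosts file path as the first argument; with none, audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, address, name in audit_hosts(text):
        print(f"line {line_no}: {kind:9} {name} -> {address}")
```

On Windows the path to pass is the one given in the comment, c:\Windows\System32\Drivers\etc\hosts; a `redirect` entry for a site you did not add yourself is the case the comment describes.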
