You may know nothing about it, but your phone – or your laptop or tablet – could be taken over by someone else who has found their way in through a back door. They could have infected your device with malware to make it a “bot” or a “zombie” and be using it – perhaps with hundreds of other unwitting victims’ phones – to launch a cyberattack.
Bot is short for robot. But cyberbots don’t look like the robots of science fiction such as R2-D2. They are software applications that perform repetitive tasks they have been programmed to do. They only become malicious when a human operator (a “botmaster”) uses it to infect other devices.
Botmasters use thousands of zombies to form a network (“botnets”), unknown to their owners. The botnet lies dormant until the number of infected computers reaches a critical mass. This is when the botmaster initiates an attack. An attack could involve hundreds of thousands of bots, which target a single or very small number of victims.
This type of attack is called a distributed denial-of-service (DDoS) attack. Its aim is to overwhelm the resources of a website or service with network data traffic.
Attacks are measured by how many connection requests (for example website/browser connections) and by how much data they can generate per second. Usually a lone bot can only generate a few Mbps of traffic. The power of a botnet is in its numbers.
Not entirely. Anyone can buy a botnet. “Botnets-for-hire” services start from $23.99 (£19.70) monthly from private vendors. The largest botnets tend to be sold by reference. These services are sold so you can test your personal or company service against such attacks. However, it wouldn’t take much effort to launch an illegal attack on someone you disagree with later on.
Other legitimate uses of bots include chatting online to customers with automated responses as well as collecting and aggregating data, such as digital marketing. Bots can also be used for online transactions.
Botnet malware is designed to work undetected. It acts like a sleeper agent, keeping a low profile on your system once it’s installed. However, there are some simple ways to check if you think you might be part of a botnet.
Computer operating systems (such as Windows) come with antivirus protection installed by default, which offers the first line of defence. Antivirus software uses signature analysis. When a security company detects malware, it will make a unique signature for the malware and add it to a database.
But not all malware is known.
More advanced types of antivirus detection solutions include “heuristic” and “behaviour” techniques. Heuristic detection scans algorithm code for suspect segments. Behaviour detection tracks programs to check if they’re doing something they should not (such as Microsoft Word trying to change antivirus rules). Most antivirus packages have these features to a greater or lesser degree but compare different products side by side to side to see if they meet your needs.
Computers are more vulnerable when connected to the internet. Ports, input devices with an assigned number that run on your computer, are one of the parts that become more exposed. These ports allow your computer to send and receive data.
A firewall will block specific data or ports to keep you safe. But bots are harder to detect if the botmaster uses encrypted channels (the firewall can’t read encrypted data like Hypertext Transfer Protocol Secure (https) data).
Investing in a new broadband router rather than using the one your broadband provider sends can help, especially if it features advanced network-based firewalls, web security/URL filtering, flow detection and intrusion detection and prevention systems.
Ignoring system and software updates leaves you vulnerable to security threats. Your computer data should also be backed up on a regular basis.
Don’t use administrator accounts for regular computer access for both home and business use. Create a separate user account even for your personal laptop, without admin privileges. It is much easier for attackers to introduce malware via a phishing attack or gain those credentials by using impersonation when you are logged into an administrator account. Think twice before downloading new apps and only install programs that are digitally verified by a trusted company.
Many attacks, such as ransomware, only work when people lack awareness. So keep up to date with the latest information about techniques cybercriminals use.
Usually your internet provider handles this automatically for you (linking website addresses to network addresses and vice versa). But botnets often use domain name services to distribute malware and issue commands.
You can manually check patterns of known botnet attacks from sites such as OpenDNS against your computer records.
Signs your device is a zombie include websites opening slowly, the device running slower than usual or behaving oddly such as app windows opening unexpectedly.
Have a look at what programs are running. On Windows for example, open Task Manager to do a brief survey to see if anything looks suspicious. For example, is a web browser running despite the fact you have not opened any websites?
For more information look at guides to viewing Windows computer processes. Other tools include Netlimiter for Windows and Little Snitch for Mac.
When there have been news reports of a botnet attack, you might want to take a look at reputable botnet status sites which offer free checks to see if your network has an infected computer.
If your computer has a botnet infection it either needs to be removed by antivirus software. Some types of malware with features like rootkit functionality are notoriously hard to remove. In this case your computer’s data (including the operating system) should be deleted and restored. Another reason to back your computer up on a regular basis – anything not backed up will be lost.
Republished from The Conversation under a Creative Commons license in the United States. Read the original article.
Adrian Winckles is a Chartered Engineer and Chartered Information Technology Professional of the British Computer Society. He specializes in network and internet security, and organized the European chapter meeting of the Open Web Application Security Project (OWASP) on our Cambridge campus in 2014.
Adrian’s research interests include: Malware detection and digital forensics; Computer networking; Network and system security; Network and system management; Virtualisation/cloud computing; and Remote laboratory representation.
Andrew Moore is an experienced Senior Lecturer practitioner with a demonstrated history of working in higher education and industry: Skilled in Digital forensics, Analysis, Security Policies and Cisco-based Networking. Strong education professional with a Bachelor of Science (BSc) focused in Computer Forensics & Information security, a Cisco academy instructor and PGCERT in higher education.
He holds certifications in the following: Certified Forensic Investigation Practitioner: Hands-On (CFIP), Certified Forensic Investigation Specialist: Hands-On (CFIS), Certified Malware Investigator: Hands-On (CMI) and Certified Cyber Security Incident Responder: Hands-On (CSIR) (Distinction)
More than 86 million Americans use the social media app TikTok to create, share, and view short videos, featuring everything from cute animals and influencer advice to comedy and dance performances.
Concerned experts point out that TikTok’s parent company, the Beijing-based ByteDance, has been accused of working with the Chinese government to censor content and could also collect sensitive data on users.
The recent leak of Pentagon documents included the suggestion that China is developing sophisticated cyber attacks for the purpose of disrupting military communication satellites. While this is unconfirmed, it is certainly possible, as many sovereign nations and private companies have considered how to protect from signal interference.
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.