My main focus as an IT consultant is software applications specific to the legal industry. On the other hand, I try to stay informed about networking, security and other IT issues. So, when both eWeek and Information Week recently ran stories about Botnets (a term I had never heard), my interest was definitely piqued.
A botnet is a collection of compromised PCs with broadband access. Individual systems are compromised by viruses or worms that allow them to connect back to a server and receive commands. A PC compromised in this way becomes a zombie that transmits commands and makes money for computer criminal networks around the world. For-profit botnets can do everything from steal credit card information, log keystrokes, relay spam, engage in click fraud, and manipulate online polls and games. Botnets are a significant threat because, even when an infected computer is discovered and disinfected, the botnet is able to replace it with another very quickly.
What can you do to protect yourself? First you need to understand that botnets thrive on lax computer security and are often linked to spam and phishing attacks. This means that keeping up to date on Windows security and other anti-malware measures is critical. Of course, most malware attacks work because someone ultimately clicks on a suspicious link or executable, so knowledge of what to look for is critical in this regard. Obviously, you should never click on an email link that asks to “Click here to login to your account” or something similar.
Apparently, many computer users are not heeding this simple advice. Anti-virus vendor Symantec estimates that 4.7 million computers worldwide were actively used in botnets during the first half of 2006 and Trend Micro estimates this number to be even higher.