+5 votes
195 views
in Security by (242k points)
reopened
How to protect yourself from botnets

1 Answer

+3 votes
by (1.6m points)
edited
 
Best answer

Botnet - what is it?
How does a botnet work?
What are botnets used for?
How do you detect a botnet?
How can you protect yourself from botnets?

image

How to protect yourself from botnets

Computer networks make it possible to share the power of the computer itself and, therefore, carry out complex and high-performance tasks more quickly . However, this technology is often used for illegal purposes in most cases, so the term botnet usually has a negative connotation. We explain what a botnet is , how you can protect yourself from it and what you can do if your computer has been infected with a malicious botnet ..

Index
  1. Botnet - what is it?
  2. How does a botnet work?
  3. What are botnets used for?
  4. How do you detect a botnet?
  5. How can you protect yourself from botnets?

Botnet - what is it?

A botnet is a network of computers that is used to carry out various routine tasks. A distinction is made between legitimate and malicious botnets : the former ensure the proper functioning of websites or the IRC ( Internet Relay Chat ) and are also used in research projects, in order to implement complex IT processes more quickly. The best-known example is the SETI @ home project at the University of Berkeley, which makes it possible to use part of the power of the computer itself to collaborate in the search for intelligent extraterrestrial life.

Definition

Botnet : A botnet is a network of computer equipment that provides resources to carry out routine tasks, such as sending e-mails or visiting web pages. Although these networks can be used to perform productive tasks, the term is often associated with a common form of cyberattack..

The botnets malicious are often used to send spam or usurp user data and can spread in four different ways. In order to quickly and easily infect third-party computers with malware , cybercriminals use so-called web crawlers, software that is also used by search engines. These programs inspect and analyze web pages over the Internet. As soon as they find vulnerabilities and examine them, they install malware on the website or send it by email.

image
Botnets are run by a botmaster, who distributes routine tasks to so-called zombie PCs: sending spam, stealing user data, visiting and analyzing web pages, and spreading the botnet itself.

The most prevalent thing about botnets is the distribution of malware by email. In this case, the botnet is used for its own expansion: the recipient receives an email with a setup program asking them to download the attachment. As soon as you open the file, the malware installs in the background and your computer becomes part of the botnet ..

Another form of attack is the voluntary downloading of a program: apparently harmless software is presented that the user downloads and runs. However, the application hides a Trojan horse . Today, more and more legal programs are being hacked and turned into hosts for Trojans.

On the other hand, exploits can be used to spread the botnet . This type of software takes advantage of security gaps in the browser or operating system to incorporate the computer into the network. Although some exploits still require the user to actively click on a link, there are more and more drive-by infections , in which malicious code is executed directly when visiting a web page. In this way, even popular pages that are not related in any way to the botnet can also get infected.

The least used form of propagation is manual installation , which is often used more with servers, since they have good network connections and offer more power.

How does a botnet work?

The creation of the network begins with the introduction of a bot into a foreign computer. This bot works in the background and, in most cases, unnoticed by the device owner. After the attack is complete, the computer is remotely controlled to perform simple tasks. Since the devices are managed by a third party, the computers that are part of the botnet are called zombie PCs .

The zombie PCs communicate with each other over the Internet and receive instructions from the botmaster . Since zombie PCs can only be controlled over the internet, they are only active when they are turned on and connected to the network. The botmaster gives the same commands to all the zombie PCs , whether it's visiting a web page, sending spam, or launching a DDoS attack.

What are botnets used for?

The goal of a botnet is to use the power of computers on the network to carry out routine tasks . Most botnets are used for criminal purposes. For example, through them, cybercriminals steal important information and data that they later sell on the Internet black market, the so-called darknet , or that they use themselves.

The botnets are also ideal for sending spam , for example, emails of phishing . With this method, malicious activities are carried out through a third party's computer and the actual criminal remains hidden.

As you can see, botnets can be used for fraudulent purposes in a wide variety of ways. Denial of service attacks are often perpetrated with them: in these cases, network computers are used to generate massive traffic on a web page, saturating the servers and interrupting the online offer. These attacks can lead to immense financial losses for the operator of the page, especially in the e-commerce sector.

Accessing third-party computers also allows obtaining information about users, including their tastes and interests. By analyzing this data, the botmaster can replace the currently displayed advertising with one adapted to the user.

How do you detect a botnet?

Since all botnet processes take place in the background, it is often difficult for the common user to detect them. However, there are some signs that can tell us that the computer has been infected.

For example, if you observe that the Internet connection slows down a lot or that the data processing is higher than normal, although the consumption remains the same, you should investigate, because those are quite characteristic signals. In this case, a virus scan could detect malware and unmask a possible botnet . Sometimes the task manager shows unknown processes or there are rogue applications that start automatically, which can also point to a botnet .

How can you protect yourself from botnets?

Although professional cybercriminals can exploit even the most subtle security breaches, defending against their attacks is possible. The golden rule is prevention . There are several things to keep in mind to protect your computer as best as possible from cyberattacks.

On the one hand, it is highly recommended to install an antivirus program , which is obvious to most users. Another important aspect is the firewall or firewall, which should be well configured to offer the best possible protection. Also, you should always keep your operating system and all installed programs up to date, which means updating your software regularly to prevent outdated versions from causing gaps. It is also a good idea to install a browser protection program that detects phishing pages , recognizes malware and warns the user about them.

As many computers are infected by email, it is important to protect these accounts to avoid attacks. In general, it is recommended not to open attachments in untrusted emails, such as unexpected invoices. Also, ignore emails from suspected banks with questionable links and questionable spelling.

In general, it is advisable to use a user account without administrator rights , limiting the use of rights to exceptional cases. Generally, extensive rights are required to change the configuration of the computer's operating system, so using a normal user account reduces the risk that some type of malware could reach the depths of the system.


...