Big botnets and how to stop them

Here are the worst of the botnets, and ways you can try to stop them in their tracks

By , ITworld |  Security, botnet, botnets

OK, so what else can you do if you stick with Windows?

Manky highly recommends having nothing to do with files from outside your company or home unless you know that they're from a trusted source. He said, "Beware of poisoned documents: PDF, XLS and DOC files are routinely exploited to drop botnet binaries."

Adobe PDFs, in particular, are being abused by both botnet users and more run-of-the-mill malware authors. Worse still, few people seem to be updating their PDF readers even as more and more attacks using PDFs appear. While updating your software isn't any guarantee of safety, not updating it does guarantee that your chances of getting into trouble have increased.

Bradley Anstis, VP of Technology Strategy for M86 Security, a network security company, stated that, "It's been proven that one of the biggest first steps organizations can take to secure their company PCs is by stripping users of administrator access. We see a lot of malware installs happening on systems that are unpatched and users running out-of-date and vulnerable browsers, such as Internet Explorer. A step that all users can take is to use a browser that allows for white-listing of JavaScript. The Firefox add-on, NoScript helps to achieve this and can help to secure your system from malicious JavaScript."

Of course, the downside of NoScript and similar programs is that many Websites rely on JavaScript to display properly. Setting it to let the right Web pages show with JavaScript can be time consuming. And there's always the problem that ad sites, which can display ads on any page, have been known to be infected with poisoned JavaScript. This means that even a trusted Web page may turn out to be a source of infection.

Still, as Wang said, "In a business setting the addition of Web filtering can go a long way towards keeping bots away from your PCs. The Web is the principal means of distribution for malicious software so blocking access to known sources of malware and scanning content from everywhere else is a must for any security setup."

A good firewall can also help. While a firewall won't stop a botnet infection per se, it can block the network ports used by botnet controllers to point and shoot the botnet software.

Unfortunately, that is harder than it used to be. Botnets once used such relatively obscure ports as IRC's (Internet Relay Chat) TCP 6660-6669, which were easy to block. "Now," as Manky noted, "they have evolved to use common ports such as HTTP (80) and HTTPS (443) but with common protocols, that are encrypted with their own algorithms to evade detection. Peer-to-peer networks have also been established to make the botnet more bullet-proof to take down."

What it all boils down to is that there's no easy way to stop botnets. All you can do is practice all the usual PC security steps, keep your firewall guard up, and keep a close eye on your network traffic logs for any unusual activity. And, realize that even that may not be enough and you may have to eventually repair your Windows systems if you discover that your friendly PC is now under the control of an enemy.
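As an added illustration of what watching traffic logs can look like (this is not code from the article or from anyone quoted in it), the sketch below scans a connection log for outbound traffic to the IRC range TCP 6660-6669 and, going a step beyond the article, for hosts that contact the same destination on port 80 or 443 at near-constant intervals. The log format, the sample lines, and the `min_events` and `max_jitter` thresholds are assumptions made for the example.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log (format assumed): epoch_seconds src dst dst_port
SAMPLE_LOG = """\
1000 10.0.0.5 203.0.113.9 6667
1000 10.0.0.7 198.51.100.20 443
1010 10.0.0.8 192.0.2.80 80
1025 10.0.0.8 192.0.2.80 80
1300 10.0.0.7 198.51.100.20 443
1400 10.0.0.8 192.0.2.80 80
1410 10.0.0.8 192.0.2.80 80
1601 10.0.0.7 198.51.100.20 443
1899 10.0.0.7 198.51.100.20 443
2200 10.0.0.7 198.51.100.20 443
2500 10.0.0.7 198.51.100.20 443
2900 10.0.0.8 192.0.2.80 80
2950 10.0.0.8 192.0.2.80 80
"""

IRC_PORTS = range(6660, 6670)  # TCP 6660-6669, the range named in the article
WEB_PORTS = {80, 443}          # the common ports botnets moved to

def parse(log):
    """Yield (timestamp, src, dst, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0].isdigit() and parts[3].isdigit():
            yield int(parts[0]), parts[1], parts[2], int(parts[3])

def irc_hits(records):
    """Unique (src, dst, port) flows aimed at the IRC port range."""
    return sorted({(s, d, p) for _, s, d, p in records if p in IRC_PORTS})

def beacons(records, min_events=5, max_jitter=0.1):
    """Web-port flows whose gaps between connections are nearly constant."""
    times = defaultdict(list)
    for ts, s, d, p in records:
        if p in WEB_PORTS:
            times[(s, d, p)].append(ts)
    flagged = []
    for flow, stamps in times.items():
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        # Jitter = spread of the gaps relative to their average size.
        if len(stamps) >= min_events and mean(gaps) > 0 \
                and pstdev(gaps) / mean(gaps) <= max_jitter:
            flagged.append(flow)
    return sorted(flagged)

if __name__ == "__main__":
    recs = list(parse(SAMPLE_LOG))
    print("IRC-port connections:", irc_hits(recs))
    print("Regular-interval web flows:", beacons(recs))
```

Regular polling also describes legitimate software such as update checkers, so a flagged flow is a lead for investigation rather than proof of infection.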

Good luck. We all need it.
