August 14, 2009, 2:05 PM — Sometimes, those of us in the computer biz get so wrapped up in the techie details that we forget that many people don't know what we think are the basics. For example, a really smart, computer-savvy friend of mine recently asked me, "What is a botnet anyway?" Whoops! Clearly, it's time for me to do some explaining.
So, to start with his question, Botnets are networks of Windows PC, which have been taken over by malware programs. While it's theoretically possible that a Mac or a Linux desktop PC could get a botnet malware bug, in practice, their better security makes them harder targets for botnet creators so they avoid them.
Your computer typically gets infected by botnet malware by a virus or worm. You get these by opening up an infected attachment or by visiting an infected Web site. Most modern anti-viral programs like AVG, Norton Anti-Virus, or Kaspersky Anti-Virus, will keep your machine safe from these attackers. If, that is, you keep your security programs up-to-date. Stale anti-viral software is worst than useless.
Once in place the worm will install a botnet client. This program, in turn, will call home to its controller to let him or her know that another zombie PC has been signed up for duty.
You, however, may not notice anything is wrong at all. At most, you may notice that every now and again that your PC is a little slow at times in working on the net, but that will be all. Heck, you may not even see that. Botnet software, to avoid being detected, isn't active all the time and modern botnet programs will wait until you're not working on your PC to start up their mischief. This isn't your 1990s malware where wrecking your PC was part of the malicious fun. Today's malware writers want to use your PC for their own purposes.
Once your computer has been made a zombie, it can used for any number of things. If you're personally unlucky, you'll get one like 'Clampi,' which will steal your credit card and bank information.
What's more common though is that the zombie will be used to spread more copies of itself, send spam, and launch DDoS (Distributed Denial of Service) attacks on businesses and other Internet sites. Millions of Windows PCs are already working in botnets.
What the botnet will end up doing depends on what the botnet master wants it to do. That may not, however, be its creator. You see, botnets often aren't controlled by their makers these days. Instead, they rent them out, just like any other service, to professional spammers, malcontents and thieves.
They, in turn, control exactly what your PC will do by issuing commands using a variety of means. It used to be that IM (instant messaging) like IRC (Internet Relay Chat) was the preferred way to do this. Lately, though, to avoid detection, they've taken to using social networking tools like Twitter.
Once in place, you can rip out botnet software with the anti-viral tools, but it can be a real pain. The better thing to do is to avoid getting a case in the first place. The Internet is a dangerous place, especially for Windows users, and practicing safe computing isn't just a good idea, it's a necessity if you don't want your PC to be dragooned into a botnet.
