Bots and Botnets – SY0-601 CompTIA Security+ : 1.2

Is your computer under the control of someone else? In this video, you’ll learn about bots, botnets, and how to stop the bot in its tracks.

The malware term “bot” stands for robot. And it’s a term to describe the automation that occurs behind the scenes when your system is taken over by this type of malware. Once it gets on your computer, it can control almost any aspect of your operating system. This type of software is installed on your system through a Trojan horse, through a vulnerability in an operating system or an application, or alongside an application that you’re installing normally.

The bot malware on a computer is working along with other computers that are infected with the same bot malware to create a botnet. This botnet is controlled through a Command and Control server or C&C server. The C&C server is responsible for sending out commands. Those commands will be received by the botnet. And then the botnet will perform whatever function has been asked of it by the C&C.

As you can imagine, all of these systems, under the control of somebody nefarious, can create some significant problems. Having all of these systems work together can create a massive denial of service. And because it’s so many different systems located in so many different places, it’s a DDoS, a Distributed Denial of Service. These systems can also act as proxies or relays for spam, network traffic, and other types of tasks. And very large botnets can be rented out to third parties, effectively creating a distributed denial of service as a service.

If you’d like a view of what botnets may be active anywhere in the world at any time, you can visit map.lookingglasscyber.com. And you can see the number of infections per second, live attacks, the number and type of botnets, and the countries where those botnets are communicating.

One way to stop a botnet is to make sure that it’s not installed in the first place. So you want to be sure that your operating system and your applications are running the latest security patches. And make sure that your antivirus and anti-malware software have all of the latest signatures.

You can often identify an active infection by running an on-demand anti-malware scan and by watching the network for any unusual traffic patterns. And if you know the type of network flows that the command and control uses, you can block them at the firewall, with an IPS, or with a firewall at the workstation level.
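As an added example that is not part of the video, here is a small Python check that runs over a few constructed flow-log records: it flags hosts that connect to the same destination at evenly spaced intervals (the kind of unusual traffic pattern a bot’s scheduled check-in with its C&C server produces) and hosts that have already contacted a destination on a C&C blocklist. All addresses, the flow records and the blocklist are constructed sample values, not data from the video.

```python
"""Flag hosts whose outbound connections look like bot check-ins to a C&C server.
Every flow record and blocklist entry below is constructed sample data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow log: (epoch seconds, source host, destination IP, destination port)
SAMPLE_FLOWS = [
    (0, "10.0.0.5", "203.0.113.10", 443), (60, "10.0.0.5", "203.0.113.10", 443),
    (121, "10.0.0.5", "203.0.113.10", 443), (180, "10.0.0.5", "203.0.113.10", 443),
    (240, "10.0.0.5", "203.0.113.10", 443), (299, "10.0.0.5", "203.0.113.10", 443),
    (5, "10.0.0.7", "198.51.100.20", 80), (9, "10.0.0.7", "198.51.100.20", 80),
    (400, "10.0.0.7", "198.51.100.20", 80), (401, "10.0.0.7", "198.51.100.20", 80),
    (30, "10.0.0.9", "192.0.2.50", 6667),
]

# Constructed blocklist of (destination IP, port) pairs treated as known C&C endpoints
KNOWN_C2 = {("192.0.2.50", 6667)}


def find_beacons(flows, min_connections=4, max_jitter=0.1):
    """Return (src, dst, port, interval_seconds) for every connection series
    whose gaps are regular enough to look like a scheduled check-in.
    max_jitter is the largest allowed coefficient of variation of the gaps."""
    series = defaultdict(list)
    for ts, src, dst, port in flows:
        series[(src, dst, port)].append(ts)
    beacons = []
    for key, times in series.items():
        if len(times) < min_connections:
            continue  # too few connections to judge regularity
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons.append((*key, round(avg)))
    return beacons


def match_known_c2(flows, blocklist=KNOWN_C2):
    """Return the source hosts that talked to any blocklisted destination."""
    return sorted({src for _, src, dst, port in flows if (dst, port) in blocklist})


if __name__ == "__main__":
    for src, dst, port, interval in find_beacons(SAMPLE_FLOWS):
        print(f"{src} checks in with {dst}:{port} about every {interval}s")
    for src in match_known_c2(SAMPLE_FLOWS):
        print(f"{src} contacted a blocklisted C&C endpoint")
```

Hosts flagged by either check are candidates for the on-demand scan described above, and the destinations they beacon to are what you would add to the firewall or IPS block rules.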