
About computer Bots and how to detect and remove them

Computer "Bot"
Abbreviation for "robot." In this case a software robotic program.

A computer Bot is a remotely controlled malware program that is installed onto a computer without the knowledge or consent of the computer's owner. This type of program may have complete control over the operation of that computer and its Internet functions, but usually does not reveal its presence to the computer's owner or users, or try to interfere with the normal operation of that computer.

All Bots work in stealth mode, so as to prolong their useful lifetime on each computer they infect. Because Bots operate behind the scenes, sometimes as rootkits, special anti-malware tools are often needed to detect and remove them. Some Bots may even uninstall themselves if the computer or its Internet connection don't meet the minimum requirements set by the person running them.

When a Bot is installed onto a computer that computer will not only be remotely controlled, but will become an unwitting member of a network of similar Bots, known as a "Botnet." Bots are accumulated into Botnets by "Bot Herders" who rent the use of their remote controlled networks to spammers, scammers, phishers, political anarchists, hackers and even terrorists. A Botnet in action is under the remote command and control of a criminal known as a "Bot Master."

When a computer is first infected by a Bot it will perform certain pre-programmed routines, including "phoning home" to register itself on the Botnet it belongs to and to supply details about the computer onto which it is installed. Some of these details are about the operating system and amount of memory installed, the infected user's identity on the computer, the password for the Administrator account, what, if any security programs are installed, the type of Internet connection used and the IP address of both the computer and the modem (if different). It will then receive files to be consulted and used as it operates. It may also be given some means of protecting its own executables and auxiliary support files, to ensure its continued existence if it is detected by the owner.

Unless you are an expert in securing your computer and operate with reduced user privileges, you should be asking yourself: "am I botted?" Don't leave this question unanswered! Find out now! There are a variety of new, specialized security tools available that will detect and remove modern Bot infections. Some really good Bot detection tools are listed in my extended comments.

Once infected with a Bot, a computer will go through cycles of activity, followed by periods of inactivity, at the discretion of the Bot Master. Because Bots do not perform their hostile functions until they are so commanded, they are also referred to as "Zombies." In this regard they act much like the "sleeper agents" written about in espionage novels about the Cold War. When awakened by remote command, the Bots, like sleeper agents, will do the evil they are programmed to do, then fall silent to await further instructions.

Botnets are controlled by several means, including IRC channels, peer-to-peer networked controller computers, and commercially hosted "Command and Control Servers."
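The "phoning home" on first infection and the idle polling of a control channel between activity cycles are exactly the behaviour a network-side defender can look for: an internal host that contacts one external address on a regular schedule. The script below is an added example, not code from the original post or from any product it names. It runs a crude beacon test over constructed connection-log lines (timestamp, source IP, destination IP, destination port); the internal address ranges, the IRC port list and the jitter threshold are all assumptions chosen for the sample.

```python
"""Beacon detection over constructed connection-log lines (added example).

A host that repeatedly contacts the same external address at near-constant
intervals is a candidate for closer inspection; a contact on a port commonly
used by IRC is a second, weaker indicator. Neither is proof of infection.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Assumption: ports commonly used by IRC control channels (weak indicator).
IRC_PORTS = {6667, 6697}

# Constructed sample log: "timestamp src_ip dst_ip dst_port" per line.
# 192.168.1.20 polls one external host every five minutes (beacon-like);
# .21 browses unrelated sites; .22 only talks to the local resolver;
# .23 contacts one host repeatedly but at irregular intervals.
SAMPLE_LOG = """\
2008-12-10T08:00:00 192.168.1.20 203.0.113.9 6667
2008-12-10T08:05:00 192.168.1.20 203.0.113.9 6667
2008-12-10T08:10:00 192.168.1.20 203.0.113.9 6667
2008-12-10T08:15:00 192.168.1.20 203.0.113.9 6667
2008-12-10T08:20:01 192.168.1.20 203.0.113.9 6667
2008-12-10T08:01:13 192.168.1.21 198.51.100.7 80
2008-12-10T08:09:41 192.168.1.21 198.51.100.8 443
2008-12-10T08:37:05 192.168.1.21 198.51.100.9 80
2008-12-10T08:02:00 192.168.1.22 192.168.1.1 53
2008-12-10T08:00:00 192.168.1.23 198.51.100.50 443
2008-12-10T08:03:00 192.168.1.23 198.51.100.50 443
2008-12-10T08:20:00 192.168.1.23 198.51.100.50 443
2008-12-10T08:21:00 192.168.1.23 198.51.100.50 443
"""


def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        records.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return records


def is_internal(ip):
    """Assumption: the local network is 10/8 or 192.168/16."""
    return ip.startswith("10.") or ip.startswith("192.168.")


def find_beacons(records, min_hits=4, max_jitter=0.2):
    """Return {(src, dst, port): mean_interval_seconds} for regular outbound flows.

    A flow is flagged when it has at least `min_hits` connections and the
    gaps between them vary by no more than `max_jitter` (standard deviation
    divided by the mean gap). Irregular contact patterns are left alone.
    """
    by_flow = defaultdict(list)
    for ts, src, dst, port in records:
        if is_internal(src) and not is_internal(dst):
            by_flow[(src, dst, port)].append(ts)
    beacons = {}
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[flow] = round(avg)
    return beacons


def irc_port_flows(records):
    """Outbound flows to ports in IRC_PORTS, as a sorted list of (src, dst, port)."""
    return sorted({(src, dst, port) for _, src, dst, port in records
                   if port in IRC_PORTS and not is_internal(dst)})


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("regular beacons:", find_beacons(recs))
    print("IRC-port flows:", irc_port_flows(recs))
```

On the sample, only the five-minute poller from 192.168.1.20 is reported (mean gap 300 s) and it is also the only IRC-port flow; the irregular contacts from 192.168.1.23 fail the jitter test. Real traffic needs a longer window and an allow-list for legitimate periodic traffic such as update checks, which the simple threshold here does not distinguish.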

Computers are infected with Bots through a variety of techniques, including hostile links in spam emails and instant messages, hostile JavaScript codes embedded into web pages (with or without knowledge of the website owners), trickery (Trojans - self infection) and social networking site exploits. Some of the tricks used to cause people to infect their own computers with Trojan Bots are phony e-cards and Postcards (favorite of the Storm Botnet), links to view videos where you are informed that you are missing a required or updated Flash player or Codec, and fake security scans that trick you into installing fraudulent security programs to remove the non-existent infections revealed in the fake scan or alert.

There are several major Botnets currently in existence and operating. They have strange names like Srizbi, Rustock, Cutwail, Storm, Kraken, and Mega-D. Some of these Bots are programmed to detect other Bots and fight them off, while others will co-exist with rival Bots. Computers recruited into various Botnets are used to send spam emails, host malware executables and Trojans, host web pages used to commit identity theft (phishing), or promoting counterfeit goods or fake pharmacies, and sometimes to attack other computers, governments and organizations.

Find out if you are Botted

There are millions of computers infected with Bots, worldwide. I urge all of my gentle readers to scan their computers for evidence of Bot infections and have them removed as soon as possible. There are several specialized security tools available that keep up with the constantly changing "Bot-scape." Some go after nothing else and will co-exist with other security software, while others are part of security suites that should not be mixed with other such products. If you already have antivirus and anti-spyware protection that you wish to keep, but would like to add a regularly updated application that specifically detects and removes Bots from your computer, Symantec offers a stand-alone program named Norton AntiBot. AntiBot costs $29.99 US and allows you to install it onto three PCs at no additional cost. It uses Active Behavioral-Based Analysis that stops and removes malicious bots before they can cause damage, turn you into a spammer, or steal personal information.


If you can't afford to pay for security protection for your computer, there is a free downloadable application offered by Trend Micro, called RUBotted. It runs on Windows 2000, XP and Vista computers, in your System Tray area (by the clock). RUBotted is a simple program whose only job is to look for evidence of a possible Bot infection running on the PC on which it is installed. It will flash and alert you if such an infection is detected, or suspected. You will be given the option of visiting the free Trend Micro "HouseCall" malware scanner service, which can not only detect, but also remove most malware it finds. If it can't remove the malware you will be given the option to download a trial version of Trend Micro Internet Security, which will get the job done!

Last, but not least, Microsoft provides a Malicious Software Removal Tool (MSRT), which is updated once a month and released on Patch Tuesdays. This tool is capable of detecting and removing any Bot it is programmed to detect. While it is good at doing its job (Microsoft claims to have destroyed the Storm Botnet with the MSRT), it is limited by having only monthly updates. This tool runs automatically once a month when you download and install your Windows Updates. Use the link above to read about and download the MSRT manually, from Microsoft. Validation is not required at this time, to download and run the MSRT.


Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.

Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security and combating spam. Wizcrafts Computer Services was established in 1996.
