How to Stay Out of Botnets

Just finished reading this article on USAToday, Botnet scams are exploding, about how much botnets have increased and how they estimate that on a typical day, 40% of the 800 million computers on the internet are in a botnet. That is just ridiculous, but, probably true. Why? People don’t want to have to do anything to make something work, they just want it to work, and while you can buy a car and jump in it and take off, the same cannot be said for computers. With a new computer, you are already in the whole because you need to make sure your anti virus is up to date, make sure your machine has all of the latest patches and get some kind of spyware scanner. But, who wants to do all of that? Most people just jump online and take off, which is a bad, bad thing, unless you have been on the internet for awhile and actually know not to open emails from people you don’t know, etc. While this article on USAToday is good in informing the public about botnets, it does nothing to let you know how to keep them off of your computer.

Two days after actor Heath Ledger died, e-mails began moving across the Internet purportedly carrying a link to a detailed police report divulging “the real reason” behind the actor’s death. Ledger had been summarily drafted into the service of a botnet.

Bots are compromised computers controlled by profit-minded crooks. Those e-mails were spread by a network of thousands of bots, called a botnet. Anyone who clicked on the link got instantly absorbed into the fast-spreading Mega-D botnet, says security firm Marshal. Mega-D enriches its operators, mainly by distributing spam for male-enhancement pills.

Largely unnoticed by the public, botnets have come to inundate the Internet. On a typical day, 40% of the 800 million computers connected to the Internet are bots engaged in distributing e-mail spam, stealing sensitive data typed at banking and shopping websites, bombarding websites as part of extortionist denial-of-service attacks, and spreading fresh infections, says Rick Wesson, CEO of Support Intelligence, a San Francisco-based company that tracks and sells threat data.

The whole article is worth a read for sure, as you get some background info on how botnets work and what some of the current botnet “herders” are doing and how they evade the scanning systems, etc, of the gate keepers, such as your ISP. So, if you are buying a new computer, here is how to get started safely on the internet. I will post an article later and link to it from here for the ones who are already infected or think they might be.

Download all of the latest patches from Windows Update and install them. Make sure to set your computer to download the latest patches and to notify you when they are received. This is how computers end up in botnets, unpatched computers. If their is a hole in your operating system somebody will, or already is, exploiting it somewhere, a patched and up to date computer is your best friend. If you are surfing with an unpatched computer you are just asking for trouble eventually, mark my words.

In Internet Explorer, click on tools, then click on Windows Update. Or, you can go to www.windowsupdate.com, it should redirect you to the latest version. If you have other Microsoft products installed, like Microsoft Office, go ahead and click on the Upgrade to Microsoft Update link on the right, and you can get the latest patches automatically for those programs as well. Select and install all of the patches that it brings up and have a seat as this could take awhile.

Windows Update

Next, update the antivirus software you have installed, or install the one you are going to use and then update it, most will have a button that says check for updates when you go into the program. In the screenshot, using Network Associates Virusscan, you can click on Auto Update and the click the green arrow to go at the top. Once that is done, double click auto update and then click on schedule to set it to automatically get the updates everyday. I would set it to check at least once daily, maybe twice, if you leave it on all day. Note: Each program is different, the steps to do this will be in the manual or are probably easily found on their website.

Network Associates Antivirus

Download a spyware/malware scanner, my advice is to get more than one as all of these programs are not the same. Some will catch infections that others will not. If I have missed one that you like or recommend, drop a comment and let me know so I can try it. I will be adding others as I go, this list will probably never be comprehensive, as I am only adding the ones that I have used.

Recommended Programs: Spybot, Search and Destroy This program is free and is highly recommended by about everyone I know. Once you have it installed and setup, make sure you go to the immunize tab and let it run. This will stop many spyware or malware programs from even running.

Adaware – They have a pay version, but they have a free version as well here.

AVG Anti Spyware – This one is free for a month, then you will need to pay for it. It is worth paying for and they probably have a lot more customers because of me. I have caught malware on several machines that most free one’s do not find.

Prevx – They also sell this program, but they have a free pc check here. This is another program that has caught several malware programs for me that the others did not.

Microsoft Oncecare – Microsoft has really done a pretty good job with this program, if you look at the Prevx site listed above, you can see by the graph on the front page that it caught more stuff than a lot of the other programs. This is a pay program as well, but they have a 90 day free trial.

X-Cleaner – Another program you have to pay for, this one is also excellent and frequently updated. The makers of this program have a free online scan here.

Panda Antivirus – This is a 30 day free trial.

Once your spyware scanner is installed, your computer is patched and your anti virus is updated, you should be covered from most things, but there are always ways to get you. Spam is the botnets biggest weapon as they can spam out interesting things to get you to click on them, once clicked, you will be redirected to or through their site, their botnet program is installed, and it may likely forward you to a proper site, and you may not even have noticed what just happened. So, in your email program, set it to read email in plain text format to keep them from being able to do anything to your computer without you even opening an email, or, if you prefer the graphical format, you should get rid of the preview pane so it does not automatically run any programs or display any pictures.

Another suggestion is to use an alternate browser, such as Firefox, that are widely considered as being more secure.

Anyway, that is my little take and something they should’ve added to the article, or published in another article to actually help keep people out of spammers botnets.

Keep your computer clean and it will run better, faster and last a lot longer, guaranteed.

Note: Now all you techies out there are going to say, you can do this, you need to run that, use this operating system, etc. I’m not saying that this is comprehensive at all, but, the absolute minimum you should do is on this page. But I would also recommend not running under and administrator account, turning on your firewall, turning off your computers or your internet access when it is not being used, not opening emails from strangers, not opening strange emails from people you know without asking them what it is, and always pay attention to the websites you are going to online. When you click on a link, if you hold it down, it will show you where you are going, you can slide your mouse off without releasing the button to keep from going there or just letting go of the button to go ahead and visit that website. This article will change as necessary.