Here's how to tell if you're infected
Botnets are big, bad, and widespread - but if your system is infected, you can take several simple steps to clean it and stay safe.
Botnets live or die depending on communications with their CnC servers. Those communications can tell researchers how large a botnet is. Similarly, the flood of communications in and out of your PC helps antimalware apps detect a known bot.
"Sadly, the lack of antivirus alerts isn't an indicator of a clean PC," says Nazario.
"Antivirus software simply can't keep up with the number of threats. It's frustrating [that] we don't have significantly better solutions for the average home user, more widely deployed."
Even if your PC antivirus check comes out clean, be vigilant. Microsoft provides a free Malicious Software Removal Tool.
One version of the tool, available from both Microsoft Update and Windows Update, is updated monthly; it runs in the background on the second Tuesday of each month and reports to Microsoft whenever it finds and removes an infection.
You can use another version of the Malicious Software Removal Tool, downloadable at Microsoft's site, at any time, and you should run the utility if you notice a sudden change in your PC's behavior.
The Malicious Software Removal Tool garners results. In September 2007, Microsoft added to the utility the ability to recognise the Storm bot. Overnight the size of the Storm botnet was reduced by as much as 20 percent. Microsoft has since added other prevalent botnets to the tool's list, such as Conficker and Szribi.
Proactive options are also available. BotHunter, a free program from SRI International, works with Unix, Linux, Mac OS, Windows XP, and Vista. Though designed for networks, it can also run on stand-alone desktops and laptops.
BotHunter listens passively to internet traffic through your machine and keeps a log of data exchanges that typically occur when a PC is infected with malware.
Occasionally, to improve its definitions, BotHunter sends outbound messages to an SRI International database of adware, spyware, viruses, and worms. BotHunter first recognised Conficker data-exchange patterns back in November 2008, well before other security vendors picked up on the threat.
If only to demonstrate their resiliency, bots have recently invaded mobile phones, too. Trend Micro reported that the Sexy View SMS malware on the Symbian mobile OS can contact a CnC server to retrieve new SMS spam templates.
While a botnet on a mobile phone may look different from one on a PC, the idea of renting out a network of 'owned' phones may be viable in the near future. Regardless of the form bots might take, we probably won't be able to eradicate the threat; we can only learn to better manage bot infestations. But in the meantime, let's clean up as many PCs as we can.
See also: Botnets responsible for 60% of spam
- The rise of botnets
- How to find and destroy a botnet infection