About Botnets
A “bot” or “botnet” is a program installed on a system to enable that system to automatically (or semi-automatically) perform a task or set of tasks, typically under the command and control of a nefarious remote administrator, or “bot master.” Such bots may have been installed surreptitiously without the user’s understanding or knowledge, and are often installed unknowingly as part of another download or a prompted user interaction.
Bots present a major problem for a number of reasons. First, these bots can be used to send spam, in some cases very large volumes of spam, including deceptive and/or malicious email. Bots can act as platforms for directing, participating in, or otherwise conducting attacks on critical Internet infrastructure, including the distribution of key-loggers and spyware. Bots are frequently used as part of coordinated Distributed Denial of Service (DDoS) attacks motivated by criminal, political, or other goals.
The two major attack vectors of bots and malware are spoofed and forged email, and compromised site content and advertising (malvertising). Fortunately, there are simple, non-proprietary solutions that businesses and government agencies can deploy today to help counter and block these threats.
The growth of bot-infected end user devices represents a significant threat to the vitality and resiliency of the Internet and to the digital economy. Bots are a global problem requiring the entire ecosystem to work together, as bots threaten to undermine the online trust and confidence that underlie the digital economy.
Bots risk compromising sensitive and personal data from consumers as well as businesses and government agencies, which can lead to online fraud and hijacking of online accounts, impacting commerce and banking sites worldwide. They can lead to attacks against public and private networks, and exploitation of end users’ computing power and Internet access. The growth and sophistication of bots have spread from the PC to all platforms (Windows, Linux and Mac OS), to mobile devices and smartphones, and to critical infrastructure.
Best Practices
Harden your systems – Advice for Businesses & Consumers
How can you (and your business) help curb the spread of botnets and malware? Bots impact every user, from the casual home user to businesses and government agencies worldwide. They are able to proliferate through a combination of vulnerabilities and socially engineered exploits.
- Set all systems to automatically download and install patches
- Install and update anti-virus software and solutions
- Use a third-party solution to automatically scan and update all applications, extensions and add-ons
- Update to Always On SSL to encrypt user logins and communications to help prevent online snooping and capturing of logon credentials
- Authenticate your email & domains with SPF, DKIM & DMARC to help prevent the delivery of spoofed and forged email
Anti-botnet Resources
- Botnet Remediation Best Practices
- Risk Evaluation Framework for Hosters & Cloud Service Providers Presentation
- Combatting Botnets Through User Notification Across the Ecosystem
- OTA Remediation White Paper
- OTA Releases Anti-Botnet Notification White Paper
- OTA Joins White House in National Effort to Help Protect Citizens and Online Commerce from the Threats of Botnets
- Video of White House Botnet Initiative
Related Efforts and Resources
- Microsoft Safety Scanner – The Microsoft Safety Scanner (MSS) is a free security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software. Note: The MSS is not a replacement for using an antivirus software program that provides ongoing protection.
- PayPal – Security Center
- Norton – Security Resource Center
- Department of Homeland Security – Stop. Think. Connect. Campaign
- European Network & Information Security Agency (ENISA) Botnets: Measurement, Detection, Disinfection and Defense
- FCC Cybersecurity Center
- IETF RFC 6561 – Recommendations for the Remediation of Bots in ISP Networks
- National Cyber Security Alliance