Being part of a botnet is no fun. Your computer becomes your worst enemy, watching everything you do, collecting all of your secrets, and then delivering all that data to the bot-herder, the person who originated the network. But what does it really mean to be part of a botnet, and is there anything that you can do about it?
According to a report today from The Associated Press, Internet security company Prevx recently discovered a Web site that was being used as a storage facility for data stolen from 160K infected computers, and the discovery offers an interesting case study.
The storage site was hosted in the Ukraine and its contents showed that the botnet was harvesting data. Information found included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information; quite a treasure chest if you're into identity theft.
"One Southern California 22-year-old could be seen registering a domain name with GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords are now all in criminals' hands, though it's unclear what, if anything, criminals have done with the information yet," the AP notes.
But it wasn't just individuals that were targeted. According to the article, both government and bank sites had also been compromised. The Associated Press contacted one bank customer whose Social Security number and other personal details were compromised during the attack, only to learn that he hadn't been notified by the bank.
Determine whether your PC is part of a botnet
So how can you tell if your machine is part of a botnet, and what can you do about it?
Statistically, Macs are safe from botnets, although not completely immune to all threats, as we noted here. But if you have a Windows-based machine, Prevx suggests you stay on the lookout for an Internet connection that seems inexplicably slow when you are online, as it may be that a botnet infection is using your connection to send or receive data.
"If this happens, stop surfing, close your email software (e.g. Outlook) and try and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time then selecting Task Manager," the company wrote on its blog recently. "When Task manager opens click on the Network tab and see if your PC is using the internet network connection, if it shows more than a few percent usage then this could be further evidence of something using your internet connection without your knowledge."
If you are suspicious, Prevx also suggests downloading an alternative security product rather than relying on the one already installed. "If your PC is infected then it is almost certain that your existing security product has already let you down."
Some of the free tools available include RUBotted (Beta) from Trend Micro, BotHunter from SRI International, or try an online virus scan with the Windows Live OneCare safety scanner.
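The Task Manager check Prevx describes can also be scripted. The following is an added example, not code from Prevx or the original article: it samples adapter traffic while the machine is idle and, if usage exceeds the threshold, lists the processes that hold established connections. It assumes Windows 8 / Server 2012 or later (for the NetAdapter and NetTCPIP cmdlets), a 10-second sample, and 3% as the reading of "a few percent".

```powershell
# Added example: scripted version of the idle-network check described above.
# Assumed values (not from the article): sample length and threshold.
$SampleSeconds    = 10
$ThresholdPercent = 3

function Get-AdapterBytes {
    # Snapshot cumulative byte counters and link speed for adapters that are up.
    $snapshot = @{}
    foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
        $stats = Get-NetAdapterStatistics -Name $nic.Name
        $snapshot[$nic.Name] = [pscustomobject]@{
            Bytes = [double]$stats.ReceivedBytes + [double]$stats.SentBytes
            Speed = [double]$nic.Speed   # link speed in bits per second
        }
    }
    return $snapshot
}

$before = Get-AdapterBytes
Start-Sleep -Seconds $SampleSeconds
$after  = Get-AdapterBytes

$busy = $false
foreach ($name in $after.Keys) {
    if (-not $before.ContainsKey($name) -or $after[$name].Speed -le 0) { continue }
    $bits    = ($after[$name].Bytes - $before[$name].Bytes) * 8
    $percent = [math]::Round(100 * $bits / ($after[$name].Speed * $SampleSeconds), 2)
    "{0}: {1}% of link speed while idle" -f $name, $percent
    if ($percent -gt $ThresholdPercent) { $busy = $true }
}

if ($busy) {
    # Attribute the traffic: which processes hold established remote connections?
    Get-NetTCPConnection -State Established |
        Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Process = $proc.ProcessName
                PID     = $_.OwningProcess
                Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
            }
        } | Sort-Object Process | Format-Table -AutoSize
}
```

Run it with the browser and e-mail client closed, as the Prevx advice says. A quiet reading does not rule out an infection that happens to be idle during the sample.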
For a primer on botnets, take a look at this short video from Symantec.
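Translation:
Has Your Computer Become a Zombie?
Being reduced to a zombie in a botnet is no fun. Your computer becomes your most fearsome enemy: it watches your every move, collects all your secrets, and then sends that data to the bot-herder, the person who launched the botnet. So what does it actually mean to be part of a botnet? Is there any room for you to fight back?
According to a report today from The Associated Press, Internet security company Prevx recently discovered a website that was being used as a storage facility for data stolen from 160,000 virus-infected computers. The discovery offers an interesting case study.
The server for this storage site was in Ukraine. Its contents showed that it was capturing data. The information included passwords, social security numbers, credit card numbers, addresses, telephone numbers and other personal information. If you are a thief, this is definitely a treasure chest.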
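The AP said: "A 22-year-old from Southern California could be seen registering a domain name at GoDaddy.com, changing his Yahoo e-mail password and ordering a meal online from Pizza Hut. His credit card number, birth date, telephone number, address and passwords have all ended up in the suspects' hands, although he may not yet know what use this information is to the suspects."
But it was not only individuals who became targets. According to the article, even government and bank websites were compromised. One bank customer had his Social Security number and personal information stolen in this attack. An AP reporter contacted him, but learned only that the bank had not yet notified him.
Find out whether your computer has become a zombie
How do you know whether your computer has become part of a botnet? What action should you take?
The data shows that, although they are not completely immune to the threats we mentioned here, Macs are still quite safe. But if you use a Windows machine, Prevx suggests you pay attention to your network connection. When it feels unusually slow while you are online, it may be that an infecting botnet is using your connection to send or receive data.
The company wrote in a recent blog post: "If this happens, stop surfing immediately, close your e-mail software (such as Outlook), press CTRL, ALT and Delete at the same time to try to open Task Manager, then select Task Manager. After Task Manager opens, click the 'Networking' tab and see whether your PC is using the local connection. If it shows more than a few percent, this is strong evidence that your local connection is being used without your permission."
If you are still suspicious, Prevx suggests you download another antivirus product and recommends that you use a different brand of antivirus software. "If your computer is infected, then the antivirus software you are using now has already let you down."
Some of the free tools include RUBotted (Beta) from Trend Micro, BotHunter from SRI International, or try an online virus scan with Windows Live OneCare (Microsoft's all-in-one system security solution).
For an introduction to botnets, take a look at a short video from Symantec.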