A botnet is a group of Internet-connected personal computers that have been infected by a malicious application, which allows a hacker to control the infected computers without alerting the computer owners. Since the infected PCs are controlled remotely by a single hacker, they are known as bots, robots, or zombies.
Consumers’ and small businesses’ lax security practices are giving scammers a base from which to launch attacks. Hackers use botnets to send spam and phishing emails, and to deliver viruses and other malware.
A botnet can consist of as few as ten PCs, or tens or hundreds of thousands. Millions of personal computers are potentially part of botnets.
Spain-based botnet Mariposa consisted of nearly 13 million zombie PCs in more than 190 countries. Further investigation determined that the botnet included PCs from more than half the Fortune 1000. This botnet’s sole purpose was to gather usernames and passwords for online banking and email services.
There are more than 70 varieties of malware, and while they all operate differently, most are designed to steal data. Mariposa’s technology was built on the “Butterfly” botnet kit, which is available online, and which does not require advanced hacking skills to operate.
The criminals in this operation ran the Mariposa botnet through anonymous virtual private network servers, making it difficult for law enforcement to trace back to the ringleaders.
The botnet problem persists. PCs that aren’t properly secured are at risk of being turned into zombies. Certain user behaviors can also invite attacks.
Surfing pornography websites increases your risk, as does frequenting gaming websites hosted in foreign countries. Downloading pirated content from P2P (peer-to-peer) websites is also risky. Remember, there is no honor among thieves.
Computers with old, outdated, or unsupported operating systems like Windows 95, 98, and 2000 are extremely vulnerable. Systems using old or outdated browsers such as IE 5, 6, or older versions of Firefox offer the path of least resistance.
To protect yourself, update your operating system to XP SP3 or Windows 7. Make sure to set your antivirus software to update automatically. Keep your critical security patches up-to-date by setting Windows Update to run automatically as well. And don’t engage in risky online activities that invite attacks.