How to tell if you're part of Botnet
Earlier this year, Dyn, one of the biggest DNS providers came under attack by a massive botnet. If you remember huge swaths of the internet going down for part of the day, that’s what that was all about. This was a Distributed Denial of Service (DDoS) attack, which basically means that a bunch of computers started sending requests to Dyn’s servers until they overloaded and broke it.
Take over my computer? But who would do such a thing?
In a way, it was people like you and me. But not voluntarily, of course. Rather, some hackers had installed malware on a bunch of computers and consumers who have not secured their Internet of Things (IoT) devices like web cameras, DVRs, and thermostats and used them to launch the DDoS attack against a target of their choosing.
Editors Note: Unclear what all the buzz about the Internet of Things is? Read our introduction to IoT. The article reviews the basics of IoT and why it’s important you understand them before filling your home with smart devices.
This is what they call a botnet. A botWhat??
A botnet is one part of a Command and Control (CnC) attack. Here’s how it works. Malicious groups spread malicious software (aka malware) to as many computers on the internet as possible — I’m talking millions of devices. Then, they sell the ability to control all those devices to someone even more malicious. These people then use the botnet to launch a coordinated attack across the internet. Normally this takes the form of a DDoS attack, email SPAM storm. However, it can also then be used to increase the size of the botnet by attacking more devices or perhaps silently sitting back and just collecting data from millions of infected devices.
The big attack on DynDNS was something of a test run. This was to demonstrate the power of a botnet. The damage was widespread, and the chaos was rampant, taking down huge services you likely use every day. In other words, a powerful marketing tool for peddlers of viruses and malware—don’t expect this to be the last you’ve heard about botnet attacks.
So, the question you are probably asking (or should be asking…) is this:
- How do I protect myself from becoming part of a botnet?
- And how can I tell if I’m already part of one ?
Image credit: CC BY-SA 3.0, Zombie Process
How to Detect and Prevent Botnet Malware Infections
There’s good news and bad news to this. The bad news is that botnet malware is meant to go undetected. As a sleeper agent, it keeps a low profile on your system once it’s installed. In theory, your antivirus and security software should detect it and remove it. That is as long as the antivirus companies know about it.
The good news is that there are some simple and free ways to mitigate the damage that you can do if your computer becomes part of a zombie botnet.
- Use an alternative DNS provider. DNS stands for domain name service, and it’s the process by which domain names (e.g. groovypost.com) get translated into IP addresses (e.g. 64.90.59.127). This is a pretty basic function for the most part, and usually, your ISP handles it. But you can choose a different DNS server that has a little bit of added value. OpenDNS does that for you, but they also take the extra step of making sure you’re not accessing known malicious content. It’s sort of like if you were to call the operator and be like “Operator, connect me to Mr. Jones!” and the operator was like “Um, you know Mr. Jones is a total scam artist, right?” OpenDNS will also be able to tell you if you are part of a botnet by recognizing the patterns of known botnet attacks.
- Get a good router. If the DNS server is the operator between your house and the internet, your router is the operator between your ISP and your devices. Or maybe it’s like your DNS server is the FBI and your router is the local police force. Too many analogies? Okay, sorry. Anyway, in the same way, that your DNS server can add a layer of security, your router can, too. My ASUS router detects malware and blocks malicious sites. Many modern routers do so as well. So, if you haven’t upgraded your router in 10 years, you should consider it, even if it’s working perfectly fine.
- Check botnet status sites. There are two sites that provide free botnet checks: Kaspersky’s Simda Botnet IP Scanner and Sonicwall’s Botnet IP Lookup. When you catch wind of a botnet attack, pop on to these sites to see if you’re part of the problem.
- Keep an eye on your Windows processes. If you open up the Task Manager in Windows 10, you can see which processes are using your network. Do a brief survey of these and take note of anything that looks suspicious. For example, it makes sense that Spotify is using the internet, but what about that weird process you’ve never heard of? For more info, check this out: Windows 10 Tip: Find Out What a Process Does the Easy Way. You might also want to check out Netlimiter for Windows and Little Snitch for Mac.
Use an alternative DNS provider. DNS stands for domain name service, and it’s the process by which domain names (e.g. groovypost.com) get translated into IP addresses (e.g. 64.90.59.127). This is a pretty basic function for the most part, and usually, your ISP handles it. But you can choose a different DNS server that has a little bit of added value. 
Check botnet status sites. There are two sites that provide free botnet checks:
Those are the basic steps that any responsible tech user can do. Of course, as evildoers on the web continue to grow and their attacks grow more sophisticated, I encourage you to continue getting educated on how to stay safe online.
No comments