From: Ant on
"Bad Boy Charlie" wrote:

> On Thu, 18 Feb 2010 18:25:08 -0000, "Ant" wrote:
>>"RayLopez99" wrote:
>>> Followup: if Bank of America's FTP servers have Zeus key logging
>>> software on it (as says another article),
>>
>>Which article?

So who's claiming BoA servers are compromised?

> Good reply Ant especially the obvious innuendo that all users should
> know what processes and apps are normally running and to be aware of
> apps and processes you don't recognize.

If they don't understand the system, then better to get a competent
technician to sort it out.

> I do just that and have for
> some time. I can say that Task Manager/Processes is our friend....good
> answer.

It's a start but won't necessarily indicate infected legitimate
processes (code injection) or show malicious drivers (rootkits) at
work.

> Even though many of us (especially those of us on Usenet) have some
> measure of technical savvy I long for the day when PCs can be run as
> innocently as the kitchen toaster for everyone's ease of use and so they
> can get more work or play done without needing to be a cyber cop on
> patrol of their own PC.

I can't see that ever happening. As long as people are free to run any
code they wish on their systems there's always a risk. A PC is not
just another appliance or entertainment centre, much as companies like
Microsoft would like the general public to think so. The more complex
and sophisticated these devices get the more opportunities arise for
exploitation. Take cell phones, for example; they have an operating
system, all sorts of code widgets that can run on them and have been
subject to attack.


From: David H. Lipman on
From: "RayLopez99" <raylopez88(a)gmail.com>

| http://en.wikipedia.org/wiki/Botnet

| So the question arises, if 'up to a quarter of all PCs are infected by
| botnets' (see Wiki above), and presumably most of these PCs have anti-
| virus software, how do you detect a botnet residing on your PC?
| Assume you do a thorough (full) scan of your HD using commercially
| available antivirus software like Kaspersky or Webroot Antivirus.

| Followup: if Bank of America's FTP servers have Zeus key logging
| software on it (as says another article), does that mean when I log
| onto BAC's servers to check my online bank account, that this
| keylogging software is checking my password? I guess the answer is
| yes.

| RL

BotHunter by SRI funded by US Army RDECOM

http://www.bothunter.net/

Is a good answer to the post's question...
How do you detect a botnet?

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: David Kaye on
RayLopez99 <raylopez88(a)gmail.com> wrote:

>So the question arises, if 'up to a quarter of all PCs are infected by
>botnets' (see Wiki above), [....]

I think that's a wrong assumption. The only computers I see (besides the
occasional HD or video card replacement) are those with malware problems, and
I see very few bots. Mostly I see adware.

Now I did have a situation a year ago where a mail server from a frozen food
company in the Midwest kept hitting my home router. It was a new router, so
best I could determine was that the DHCP address I got with the new router had
belonged to someone the bot was trying to hit.

As to how to detect, you need a port scanner to look at your connections.
Also, Zone Alarm is an interesting firewall in that it will warn you about
each incoming or outgoing connection attempt that you haven't authorized.
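
An added example, not part of any post in this thread: a check in the spirit of the "connections you haven't authorized" idea above, run over Windows `netstat -ano` output and flagging TCP listeners and established connections that are not on an allowlist. The sample output, PIDs and allowlists are constructed for illustration; as noted earlier in the thread, a listing like this will not reveal code injected into an allowed process or a rootkit that hides its sockets.

```python
# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49701     198.51.100.20:443      ESTABLISHED     3120
  TCP    192.168.1.10:49712     203.0.113.45:6667      ESTABLISHED     2144
  TCP    192.168.1.10:49730     192.168.1.1:80         TIME_WAIT       0
  TCP    0.0.0.0:8085           0.0.0.0:0              LISTENING       2144
  UDP    0.0.0.0:500            *:*                                    720
"""

# Hypothetical allowlists: what this user has "authorized", keyed by PID.
AUTHORIZED_REMOTE_PORTS = {3120: {80, 443}}  # e.g. the web browser
AUTHORIZED_LISTENERS = {884: {135}}          # e.g. the RPC service


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so IPv6 forms like [::]:445 work."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def parse_netstat(text):
    """Yield (local, remote, state, pid) for TCP rows; skip header and UDP."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[0] == "TCP" and fields[4].isdigit():
            _, local, remote, state, pid = fields
            yield split_endpoint(local), split_endpoint(remote), state, int(pid)


def unauthorized(text):
    """Return findings for listeners and connections not on the allowlists."""
    findings = []
    for local, remote, state, pid in parse_netstat(text):
        if state == "LISTENING":
            if local[1] not in AUTHORIZED_LISTENERS.get(pid, set()):
                findings.append(("listener", pid, local[1]))
        elif state == "ESTABLISHED":
            if remote[1] not in AUTHORIZED_REMOTE_PORTS.get(pid, set()):
                findings.append(("connection", pid, "%s:%d" % remote))
    return findings


if __name__ == "__main__":
    for kind, pid, detail in unauthorized(SAMPLE_NETSTAT):
        print("unauthorized %s: PID %d -> %s" % (kind, pid, detail))
```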