How to Tell If You’re Part of a Botnet

When DynDNS went down and broke the internet, it was because thousands of infected computers in homes like yours had been hijacked and used to launch a massive denial of service attack. Here’s a brief guide to help protect yourself from being an unwilling participant in the next zombie computer apocalypse.

Earlier this year, Dyn, one of the biggest DNS providers, came under attack by a massive botnet. If you remember huge swaths of the internet going down for part of the day, that’s what that was all about. This was a Distributed Denial of Service (DDoS) attack, which basically means that many computers started sending requests to Dyn’s servers until they overloaded and broke it.

Take over my computer? But who would do such a thing?

In a way, it was people like you and me. But not voluntarily, of course. Rather, hackers had installed malware on many computers, and on the unsecured Internet of Things (IoT) devices of ordinary consumers, such as web cameras, DVRs, and thermostats, and used them to launch the DDoS attack against a target of their choosing.

Editor’s Note: Unclear what all the buzz about the Internet of Things is about? Read our introduction to IoT. The article reviews the basics of IoT and why it’s important you understand them before filling your home with smart devices.

This is what they call a botnet. A bot-what??

A botnet is one part of a Command and Control (CnC) attack. Here’s how it works. Malicious groups spread malicious software (aka malware) to as many computers on the internet as possible — I’m talking millions of devices. Then, they sell the ability to control all those devices to someone even more malicious. These people then use the botnet to launch a coordinated attack across the internet. Normally, this takes the form of a DDoS attack or an email spam storm. However, it can also be used to increase the botnet’s size by attacking more devices, or perhaps to silently sit back and just collect data from millions of infected devices.

The big attack on DynDNS was something of a test run. This was to demonstrate the power of a botnet. The damage was widespread, and the chaos was rampant, taking down huge services you likely use every day. In other words, it is a powerful marketing tool for peddlers of viruses and malware—don’t expect this to be the last you’ve heard about botnet attacks.

So, the question you are probably asking (or should be asking…) is this:

  1. How do I protect myself from becoming part of a botnet?
  2. And how can I tell if I’m already part of one?

How to Detect and Prevent Botnet Malware Infections

There’s good news and bad news to this. The bad news is that botnet malware is meant to go undetected. Like a sleeper agent, it keeps a low profile on your system once it’s installed. In theory, your antivirus and security software should detect it and remove it. That is, as long as the antivirus companies know about it.

The good news is that there are some simple and free ways to mitigate the damage you can do if your computer becomes part of a zombie botnet.

  1. Use an alternative DNS provider. DNS stands for domain name service, and it’s the process by which domain names (e.g., groovypost.com) get translated into IP addresses (e.g., 64.90.59.127). This is a pretty basic function for the most part, and usually, your ISP handles it. But you can choose a different DNS server that has a little bit of added value. OpenDNS does that for you, but they also take the extra step of making sure you’re not accessing known malicious content. It’s sort of like if you were to call the operator and be like, “Operator, connect me to Mr. Jones!” and the operator was like, “Um, you know Mr. Jones is a total scam artist, right?” OpenDNS will also tell you if you are part of a botnet by recognizing the patterns of known botnet attacks.
  2. Get a good router. If the DNS server is the operator between your house and the internet, your router is the operator between your ISP and your devices. Or maybe it’s like your DNS server is the FBI, and your router is the local police force. Too many analogies? Okay, sorry. Anyway, in the same way that your DNS server can add a layer of security, your router can, too. My ASUS router detects malware and blocks malicious sites. Many modern routers do so as well. So, if you haven’t upgraded your router in 10 years, you should consider it, even if it’s working perfectly fine.
  3. Check botnet status sites. Two sites provide free botnet checks: Kaspersky’s Simda Botnet IP Scanner and Sonicwall’s Botnet IP Lookup. When you catch wind of a botnet attack, pop on to these sites to see if you’re part of the problem.
  4. Keep an eye on your Windows processes. If you open up the Task Manager in Windows 10, you can see which processes use your network. Do a brief survey of these and take note of anything that looks suspicious. For example, it makes sense that Spotify is using the internet, but what about that weird process you’ve never heard of? For more info, check this out: Windows 10 Tip: Find Out What a Process Does the Easy Way. You might also want to check out Netlimiter for Windows and Little Snitch for Mac.
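A scripted version of the Task Manager survey in step 4, added here as an example (not code from the original post): it lists every established TCP connection with the owning process, its executable path, and whether that executable carries a valid Authenticode signature, so an unknown or unsigned program talking to the internet stands out. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated PowerShell prompt so every process path is readable.

```powershell
# Added example: join live TCP connections to their owning processes and
# check the publisher signature of each executable.
function Get-NetworkProcessReport {
    $loopback = @('127.0.0.1', '::1')

    Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object { $loopback -notcontains $_.RemoteAddress } |
        ForEach-Object {
            $conn = $_
            $proc = Get-Process -Id $conn.OwningProcess -ErrorAction SilentlyContinue
            $path = if ($proc) { $proc.Path } else { $null }

            # Publisher check: an unsigned binary (or one with an invalid signature)
            # that is talking to the internet deserves a closer look.
            $sig = if ($path) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'NoPath' }

            [PSCustomObject]@{
                Process   = if ($proc) { $proc.ProcessName } else { '<exited>' }
                PID       = $conn.OwningProcess
                Remote    = "$($conn.RemoteAddress):$($conn.RemotePort)"
                Path      = $path
                Signature = $sig
            }
        }
}

# Unsigned or path-less talkers are listed first, then everything else by name.
Get-NetworkProcessReport |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } }, Process |
    Format-Table -AutoSize
```

A process with no readable path when run elevated, or a valid signature from a publisher you do not recognize, is the kind of entry worth looking up before deciding it is harmless.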

Those are the basic steps that any responsible tech user can take. Of course, as evildoers on the web continue to grow and their attacks grow more sophisticated, I encourage you to continue getting educated on how to stay safe online.

Have your devices ever been hijacked by a botnet? I want to hear about it! Share your story in the comments.

10 Comments

  1. Richard

    December 27, 2016 at 5:28 pm

    Thanks for this important post. I checked under Kaspersky’s above and my computer is not part of the problem; however, I always get these messages when trying to go to target.com and sometimes other department stores as well. I have called Target and they don’t seem to know how to handle this message. My desktop PC always says:

    Access Denied

    You don’t have permission to access “http://www.target.com/” on this server.
    Reference #18.a4a40517.1482888069.8140589

    THANK YOU!

    • lee

      July 7, 2021 at 10:57 am

      I used the Kaspersky one, but the IP addresses it said were mine are definitely not mine. The other one you put it in manually, and it’s clear.

  2. Jack Busch

    January 8, 2017 at 11:16 am

    Hey Richard – that definitely sounds fishy. Did you ever get any more info? Access Denied is usually a server-side error. What browser do you use?

    You ought to check to see if your hosts file has been hijacked.

    Are you on Win 10?

    Press WIN + R and paste this in:

    c:\Windows\System32\Drivers\etc\hosts

    Open it in Notepad.

    See if there is an entry for Target or any other URLs in there.
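The hosts-file check described in the comment above, written out as a script; this is an added example and not part of the original comment. It prints every hostname that the hosts file maps to something other than loopback (or the 0.0.0.0 “sinkhole” address that ad-blocking lists use), which is the pattern a hijacked hosts file shows: a real site redirected to an address someone else controls. The hosts path is the standard Windows location given in the comment.

```powershell
# Added example: flag hosts-file entries that redirect real names away from loopback.
function Get-SuspiciousHostsEntries {
    param(
        [string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts"
    )
    # Addresses that are normal to see in a hosts file.
    $harmless = @('127.0.0.1', '::1', '0.0.0.0')

    foreach ($raw in Get-Content -Path $Path -ErrorAction Stop) {
        $line = ($raw -split '#', 2)[0].Trim()        # drop comments and blank lines
        if (-not $line) { continue }

        $fields = $line -split '\s+'
        if ($fields.Count -lt 2) { continue }          # malformed line, maps nothing
        $ip    = $fields[0]
        $names = $fields | Select-Object -Skip 1

        if ($harmless -notcontains $ip) {
            foreach ($name in $names) {
                [PSCustomObject]@{ Hostname = $name; MappedTo = $ip }
            }
        }
    }
}

# A default Windows hosts file produces no rows; any row should be one you added yourself.
$hits = @(Get-SuspiciousHostsEntries)
if ($hits.Count -eq 0) {
    'No non-loopback entries found in the hosts file.'
} else {
    $hits | Format-Table -AutoSize
}
```

Entries for a local printer or a development server are legitimate reasons for a row to appear; a bank, a store, an antivirus vendor or a search engine mapped to an outside address is not.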

    • Richard

      January 9, 2017 at 11:10 am

      Thanks for your response. I finally found out what was causing the problem. After subscribing to “PRIVATE INTERNET ACCESS”, some sites will block you, stating “Access Denied”. After disconnecting from “Private Internet Access” I was able to access the websites in question. After leaving the websites, I then reconnect to “Private Internet Access” and everything seems to be fine now. I guess that is one place to check when having problems connecting to websites that deny access. THANK YOU!

  3. Jack Busch

    January 11, 2017 at 11:49 am

    Ah, makes sense – sounds like Target doesn’t want you accessing their site using a VPN or anonymizer. Interesting, thank you for the update!!

  4. Unknown

    July 1, 2019 at 8:18 am

    I think it happened to my laptop, but I’m not sure if it’s part of a bot army. A specific website has been popping out a new window in my web browser screen many times and it won’t stop; it will stop for minutes, hours or so, it depends, the time it stops for is not always the same. So maybe it’s part of a bot army for a DDoS attack? I don’t know, please tell me.

  5. Nathan Paddock

    September 4, 2019 at 5:51 pm

    You can remove pop-up ads pretty easily using Rogue Killer, a free scanner from Adlice. It has come in handy so many times, I bought a full license. BTW, it will kill bots too.

  6. david lampe

    May 12, 2020 at 2:25 am

    Jack
    My wife has to change her password over and over.
    I’m the administrator on our home computer and she gets frustrated easily so I change her password if she needs access.
    But the normal time between pw changes seems to be gone with her; she complains about Windows needing to change her password every couple of days. My antivirus says we don’t have malware and Malwarebytes says we don’t have malware. So what could it be?

  7. Ben Foley

    June 23, 2020 at 7:22 pm

    Sometimes, when I search something on Google I get an “Unusual traffic on your computer” and a reCAPTCHA. It started a few days ago, right after I tried to download a ROM for Web Of Shadows. I googled the site and found out that it often gave people viruses and bloatware. I immediately closed the installer, which, looking back, was rather odd because most files just downloaded, but something may have gotten downloaded. This may be unrelated as well, but I downloaded Angry IP Scanner and scanned my wifi and found a uhttpd server and something named linux.local; however, upon further scans that had disappeared. Any ideas? Also, I am aware this article came out over a year ago, but I would still appreciate help.

  8. Philip Kumah Jr

    June 8, 2022 at 5:30 am

    Thanks for this write up. Was really worth a read.
