
All about botnets. The most reliable protection against network viruses - installation of reliable antivirus

A botnet (network of bots) is a computer network consisting of a large number of computers on which malicious software has been secretly installed, allowing intruders to remotely perform any actions using the computing resources of the compromised machines. Hundreds or even thousands of infected computers are typically used for illegal and malicious activities: spam mailing, distribution of viruses, theft of data or DDoS attacks. Today botnets are considered one of the most serious cyber threats.

How do botnets appear?

For your computer to become part of a botnet, it must be infected with specialised malware that keeps in contact with a remote server or with another infected device and thereby receives instructions from the intruders controlling the botnet. Apart from the impressive scale of infection, the malware used to build botnets is essentially not much different from traditional malware.

How to recognize botnet?

Malware typical of a botnet can be found in the same way as any other malicious program. Tell-tale signs include slow operation, strange behaviour, error messages, or the cooling fan suddenly spinning up while the computer is idle. These are possible symptoms that someone is remotely using your computer, which has become part of a distributed botnet.

How to remove a PC from the botnet?

To remove your PC from a botnet, you need to remove the malicious software through which the attackers exercise remote control over it. The most effective way is an anti-virus scan of your computer's system, which will help detect the malicious program and remove it from the computer.

How to avoid the malware infection characteristic of a botnet:
  • Install a high-quality antivirus solution on your computer
  • Set up automatic updates for all third-party programs
  • Be extremely careful when browsing, downloading programs and opening files
Other ways to protect against the risk of becoming part of a botnet:

To protect your computer from the risk of becoming one of the 'zombies' in a botnet army, avoid any suspicious downloads. Do not follow links or open attachments from letters whose senders are unknown to you, and be extremely attentive when installing third-party software on your computer. Keep third-party software up to date and install all the latest operating system updates. The most important thing, however, is the use of modern and high-quality anti-virus protection, e.g. Avast antivirus, which will provide reliable protection of the computer from all types of malware and help to avoid infecting your computer and turning it into part of a botnet.

One of the commandments of security, as we have already mentioned, is to be alert to any possible attempt to seize control of the computer.

We speak of a botnet when ordinary users' computers are under the control of C&C (Command and Control) servers, which collect data and, as a rule, send commands to the zombie computers. Such a server is not always necessary, however: in a P2P botnet, the zombie computers communicate with each other directly.

The most frequent symptoms of computer infection

The first step is to make sure that our computer shows the signs characteristic of a zombie machine.

These include:

  • sudden, inexplicable slowdown of the computer that keeps recurring;
  • excessive disk activity and network connections;
  • sudden changes in the behaviour of familiar sites;
  • constantly appearing pop-up windows, regardless of which site we view;
  • increased packet activity, including alerts about strange connections;
  • messages about undeliverable e-mail, as well as notifications from friends that we are sending them spam;
  • problems starting the computer, frequent hangs, error messages;
  • additional browser extensions and files that appear on and disappear from the disk;
  • unknown programs appearing in the Task Manager, as well as browser extensions that you did not install.

The symptoms described above indicate an increased risk, but they do not prove that our computer is infected.

The cause of such behaviour may be poor system optimisation. It may also be the effect of a malware infection that has nothing to do with turning our computer into a zombie machine.

The first line of defense - antivirus

Turning a computer into a zombie involves infection with a malicious program. Therefore, first scan the computer with an antivirus. It must be up to date, and the scan should cover the entire computer, not just the system files and the user profile.

Scanning the computer with an anti-virus is half the battle. The part of the malware responsible for turning the computer into a zombie may be hidden using rootkits.

To identify such software, you must check your computer using the "Scan for rootkits" option.

Second Protection Line - Firewall

A firewall is used not only to protect against intrusion. It can also be used to block Internet traffic at our discretion.

First of all, when we suspect that our computer has become a zombie but the antivirus found nothing, it is worth spending a little time analysing its behaviour. The firewall's protection level should be set to maximum and interactive mode enabled, so that every connection attempt is identified.

Then we look for activity unrelated to the functioning of any system application or software that we installed ourselves. Sometimes the infection can also extend to system files, and identifying it becomes very complex, so it is worth consulting specialists in case of any doubt.

Network activity is also controlled and recorded in logs that can then be reviewed calmly. As we rule out incorrectly working processes, the comfort of using the computer returns to its initial state.

Load on the computer - you may not notice this

Modern computers are very powerful, so there is a risk that you will not even notice an excessive load on the computer. Therefore, it is necessary to monitor our computer with the following tools.

After launching the Task Manager, we can:

  • view all active processes and identify the software responsible for them;
  • check the Internet access load generated by any application;
  • view the list of services, especially actively running ones that are unrelated to the operating system or installed software;
  • check resource usage, in particular processor and memory.

More detailed information on resource usage, including the exact details of active network connections, is displayed in Resource Monitor. It can be opened by clicking "Open Resource Monitor" on the "Performance" tab of the Task Manager.

The following programs are also worth attention:

  • Sysinternals Suite: a popular package of system monitoring applications that can replace the built-in system utilities; thanks to its convenient interface, making sense of the necessary information is much easier. In this package you will find:
    • TCPView: shows a list of all active connections along with the addresses of the remote computers, and allows you to identify their owner (Whois tool);
    • Process Explorer: an extended version of the Task Manager process list; groups tasks by application, which makes it possible to evaluate the interdependence between programs;
    • Procmon: monitors all hard disk, registry and software activity, and lets you keep logs for subsequent analysis.
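The triage that TCPView and the Task Manager support by hand can be scripted. The following is an added example, not code from the original article: it parses a Windows `netstat -ano` listing (the sample listing is constructed, and the PID-to-name baseline is assumed to have been read off Task Manager or Process Explorer) and flags established connections owned by processes outside that baseline, plus any single process fanning out to many distinct remote hosts, the pattern the article's "strange connections" symptom describes.

```python
"""Triage a `netstat -ano` listing against a baseline of known processes.

Added example for this page; not the original article's code. The listing
and the PID baseline below are constructed for demonstration.
"""
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows format, TCP/IPv4 only).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:49712     172.217.16.142:443     ESTABLISHED     3248
  TCP    192.168.1.10:49713     172.217.16.142:443     ESTABLISHED     3248
  TCP    192.168.1.10:49801     203.0.113.7:6667       ESTABLISHED     5120
  TCP    192.168.1.10:49802     198.51.100.23:6667     ESTABLISHED     5120
  TCP    192.168.1.10:49803     198.51.100.24:6667     ESTABLISHED     5120
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:49900     192.0.2.55:25          ESTABLISHED     5120
  TCP    192.168.1.10:49901     192.0.2.56:25          ESTABLISHED     5120
"""

# Assumed baseline: PIDs we expect to use the network, as read off Task Manager.
KNOWN_PIDS = {3248: "chrome.exe", 912: "svchost.exe"}

# One TCP row: proto, local ip:port, remote ip:port, state, owning PID.
LINE_RE = re.compile(
    r"^\s*(TCP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per TCP row; the header and anything else is skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, laddr, lport, raddr, rport, state, pid = m.groups()
        rows.append({"proto": proto, "local": laddr, "lport": int(lport),
                     "remote": raddr, "rport": int(rport),
                     "state": state, "pid": int(pid)})
    return rows


def triage(rows, known_pids, fanout_threshold=3):
    """Flag established connections owned by PIDs outside the baseline, and
    PIDs talking to at least `fanout_threshold` distinct remote hosts."""
    established = [r for r in rows if r["state"] == "ESTABLISHED"]
    unknown = [r for r in established if r["pid"] not in known_pids]
    hosts_per_pid = defaultdict(set)
    for r in established:
        hosts_per_pid[r["pid"]].add(r["remote"])
    fanout = {pid: len(hosts) for pid, hosts in hosts_per_pid.items()
              if len(hosts) >= fanout_threshold}
    return {"unknown_pid_connections": unknown, "high_fanout_pids": fanout}


if __name__ == "__main__":
    result = triage(parse_netstat(SAMPLE_NETSTAT), KNOWN_PIDS)
    for r in result["unknown_pid_connections"]:
        print(f"unknown PID {r['pid']}: {r['local']}:{r['lport']} -> "
              f"{r['remote']}:{r['rport']}")
    for pid, n in result["high_fanout_pids"].items():
        print(f"PID {pid} reaches {n} distinct remote hosts; inspect in Process Explorer")
```

Anything the script flags is a lead to look up in Process Explorer (which image owns the PID, what signed it) rather than a verdict; a backup client or a torrent application will legitimately show high fan-out, which is why the baseline has to come from the machine being checked.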

When the combined forces of private companies and government organisations take down one botnet, the next, more advanced and sophisticated one comes to replace it. As in the wild, among computer viruses and other malicious software the strongest always wins.

Kaspersky Lab analysed the activity of one of the most interesting botnets currently functioning: the so-called Alureon, built on the TDL-4 rootkit (about which ESET recently wrote in its blog on Habr). And there is indeed something to look at here: the botnet's architecture and underlying technology were immediately characterised by various Internet publications as "indestructible". 4.5 million infected machines also hint at the effectiveness of the architecture used.

In fact, TDL-4 was designed from the start to avoid destruction or removal, whether by law enforcement, antivirus programs or competing botnets. On installation, TDL-4 removes all other malware from the host computer, so that the machine's user does not notice strange behaviour and does not try to restore its normal operation. The goal is clear as day: the rootkit tries to remain invisible, because in most situations it is the user, not a program, who notices changes in the computer's operation (sharp bursts of data packets, reduced performance, etc.).

To make the mimicry as effective as possible, the rootkit (or rather bootkit) infects the hard disk's master boot record (MBR), which is responsible for loading the operating system. This means the rootkit code is loaded before the OS, not to mention the antivirus, which makes finding and removing it an even more non-trivial task. TDL-4 also encrypts its own traffic using SSL to avoid detection by other programs, both legitimate and malicious.

The most remarkable feature of Alureon is its use of the decentralised P2P network Kad (used, for example, by eMule) for messaging between nodes. With its help, it creates its own network of infected machines, allowing them to exchange traffic without contacting central servers, and also finds new computers to expand the network.

This is done precisely to increase the resilience of the network. After all, all previous attacks on botnets were carried out with the help of government organisations that shut down the command and control centres they found, as happened with Rustock with the participation of Microsoft, which determined the location of the central nodes. As a rule, there are not very many such servers, a few dozen, but it is through them that spam, DDoS attacks, etc. are controlled. And they are also the greatest vulnerability of any botnet.

Alureon stands out from its competitors, firstly, in that it uses about 60 such centres, and secondly, in that their continued existence is not strictly necessary: the botnet owner can control the entire network even if the infected machines cannot reach the servers, since it is built on the peer-to-peer principle. Encryption allows the centres to be hidden, and the use of a decentralised network allows the location of the central node to be changed.

Of course, rootkits have been used before to build P2P botnets, but only in very rare and exceptional cases did their size approach what Alureon has reached. This gives it not only flexibility in communications within the network but also high resistance to destruction. Therefore, techniques applied against other botnets may not be effective against this specimen.

The malware itself spreads primarily through file-sharing and pornographic sites. Another way of infecting computers has been found: setting up a DHCP server that forces computers to use a malicious DNS server, which directs network users to pages containing the rootkit. Another remarkable feature of the TDL-4 code (known as TDSS) is the "poisoning" of search engine results by creating additional proxy servers that download the program to the computer.

In addition to classic services such as spam and DDoS attacks, the operators of this botnet offer an exclusive option: using any computer in the network as a proxy server that anonymises Internet traffic. For just $100 per month you will even be provided with a special Firefox plugin to make it easier to use this anonymous proxy system.

Destroying such a botnet will be a difficult task. Its researchers already speak of specially crafted requests to the servers to obtain statistics on the number of infected computers, and Kaspersky specialists have found several databases located in Moldova, Lithuania and the USA containing the proxy servers on which the botnet operates.

The comments on the paper also note that in a corporate network (using an HTTP/HTTPS proxy) infected machines can be found using the DNS server logs: a DNS query coming from a workstation rather than from the proxy can serve as a signal (normally DNS requests come from the proxy server).
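The DNS-log check described in the comments, as an added example that is not part of the original article: in a network where only the HTTP/HTTPS proxy (and perhaps a mail relay) should be resolving external names, any other client showing up in the resolver's query log is worth a look. The log lines below are constructed in a simplified BIND query-log style, and the set of expected resolver clients is an assumption about the network being checked.

```python
"""Find workstations that query the DNS server directly in a proxied network.

Added example for this page; not code from the original article or from
Kaspersky's research. The log lines and the expected-client set below are
constructed for demonstration.
"""
import re
from collections import defaultdict

# Constructed query-log excerpt, simplified BIND 'query' format.
SAMPLE_LOG = """\
12-Jul-2011 09:12:01.004 client 10.0.0.2#41233 (www.example.com): query: www.example.com IN A + (10.0.0.53)
12-Jul-2011 09:12:01.310 client 10.0.0.3#33019 (mx.example.org): query: mx.example.org IN MX + (10.0.0.53)
12-Jul-2011 09:12:02.118 client 10.0.5.17#56001 (update.example-cdn.net): query: update.example-cdn.net IN A + (10.0.0.53)
12-Jul-2011 09:12:02.902 client 10.0.0.2#41235 (www.example.net): query: www.example.net IN A + (10.0.0.53)
12-Jul-2011 09:12:03.445 client 10.0.5.17#56002 (kjq9z.invalid): query: kjq9z.invalid IN A + (10.0.0.53)
12-Jul-2011 09:12:04.007 client 10.0.0.2#41236 (cdn.example.com): query: cdn.example.com IN AAAA + (10.0.0.53)
"""

# Assumed: the only hosts that legitimately resolve external names here are
# the web proxy (10.0.0.2) and the mail relay (10.0.0.3).
EXPECTED_RESOLVER_CLIENTS = {"10.0.0.2", "10.0.0.3"}

# Matches both 'client 10.0.0.2#41233 ...' and the newer 'client @0x... 10.0.0.2#41233 ...'.
QUERY_RE = re.compile(
    r"client (?:@\S+ )?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+ .*?"
    r"query: (?P<name>\S+) IN (?P<qtype>\S+)"
)


def parse_queries(log_text):
    """Return (client_ip, queried_name, query_type) for every parsable line."""
    queries = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            queries.append((m.group("ip"), m.group("name"), m.group("qtype")))
    return queries


def unexpected_clients(queries, expected_clients):
    """Map each client outside the expected set to the sorted names it asked for.

    In a network where browsing goes through a proxy, a workstation resolving
    names on its own is the signal the article describes; the queried names
    tell the analyst what to look at next.
    """
    names_by_client = defaultdict(set)
    for ip, name, _qtype in queries:
        if ip not in expected_clients:
            names_by_client[ip].add(name)
    return {ip: sorted(names) for ip, names in names_by_client.items()}


if __name__ == "__main__":
    flagged = unexpected_clients(parse_queries(SAMPLE_LOG), EXPECTED_RESOLVER_CLIENTS)
    for ip, names in flagged.items():
        print(f"{ip} resolved on its own: {', '.join(names)}")
```

Software updaters and anything configured to bypass the proxy will show up too, so the expected-client set normally grows a little after the first run; the value of the check is that the remaining list is short enough to examine by hand.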

Hello again.
The topic of today's article: types of computer viruses, how they work, and the ways computers become infected with them.

What computer viruses are in general.

A computer virus is a specially written program or set of algorithms written in order to play pranks, harm someone or a computer, gain access to your computer, intercept passwords or extort money. Viruses can copy themselves and infect your programs and files, as well as boot sectors, with malicious code.

Types of malicious programs.

Malicious programs can be divided into two main types: viruses and worms.


Viruses are distributed through a malicious file that you may have downloaded from the Internet, or that may be on a pirated disk, or they are often passed on over Skype under the guise of useful programs (I have noticed that schoolchildren often fall for this: they are sent supposed mods or cheats for games that can in fact be a virus that does harm).
The virus embeds itself into one of the programs, or disguises itself as a separate program in a place where users usually do not look (operating system folders, hidden system folders).
The virus cannot start by itself until you yourself run the infected program.
Worms infect many files on your computer, for example all EXE files, system files, boot sectors and so on.
Worms most often penetrate the system on their own, using vulnerabilities in your OS, your browser or a specific program.
They can penetrate via chat rooms and communication programs such as Skype or ICQ, and can spread via e-mail.
They can also be on websites and use a vulnerability in your browser to penetrate your system.
Worms can spread over a local network: if one of the computers on the network is infected, the worm can spread to the other computers, infecting all files in its path.
Worms are usually written for the most popular programs. For example, Chrome is now the most popular browser, so scammers will try to write for it and place malicious code for it on websites, because it is more profitable to infect thousands of users of a popular program than a hundred users of an unpopular one. Although Chrome constantly improves its protection.
The best defence against network worms is updating your programs and your operating system. Many neglect updates, which they often come to regret.
A few years ago I came across the following worm.

But it clearly did not get in through the Internet, but most likely through a pirated disk. It worked like this: it created a copy of each folder on the computer or on a flash drive, but in fact the "folder" it created was an EXE file with the same name. When you clicked on such an EXE file, it spread even further through the system. And no sooner had you got rid of it than you would visit a friend with a flash drive, copy some music from him and come back with a flash drive infected with the same worm, and again I had to remove it. Whether this virus caused any other damage to the system I do not know, but soon this virus ceased to exist.
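The folder-mimicking trick described above is easy to hunt for once you know its shape: an executable whose name matches a sibling directory. The following is an added example, not the author's code; it walks a directory tree and reports every `.exe` that shares its name (ignoring case) with a folder in the same parent directory, and builds a constructed demo tree so it can be run offline. The filenames in the demo are made up.

```python
"""Report EXE files named after a sibling folder, the decoy pattern the
worm in the anecdote used. Added example; not the blog author's code.
"""
import os
import tempfile
from pathlib import Path


def find_folder_decoys(root):
    """Return POSIX-style paths (relative to root) of every .exe whose stem
    matches, case-insensitively, a directory in the same parent folder."""
    root = Path(root)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        sibling_dirs = {d.lower() for d in dirnames}
        for fn in filenames:
            stem, ext = os.path.splitext(fn)
            if ext.lower() == ".exe" and stem.lower() in sibling_dirs:
                hits.append(Path(dirpath, fn).relative_to(root).as_posix())
    return sorted(hits)


def build_demo_tree(root):
    """Constructed sample tree: two genuine folders, two decoy executables,
    and one executable that has no sibling folder and must not be flagged."""
    root = Path(root)
    (root / "Music").mkdir()
    (root / "Music" / "track01.mp3").write_bytes(b"\x00" * 16)
    (root / "Music.exe").write_bytes(b"MZ" + b"\x00" * 62)      # decoy (fake PE stub)
    (root / "Photos").mkdir()
    (root / "Photos" / "img.jpg").write_bytes(b"\xff\xd8")
    (root / "Photos" / "Holiday").mkdir()
    (root / "Photos" / "HOLIDAY.EXE").write_bytes(b"MZ")         # decoy, different case
    (root / "setup.exe").write_bytes(b"MZ")                      # no sibling folder: benign here
    return root


def demo():
    """Build the constructed tree in a temp directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(tmp)
        return find_folder_decoys(tmp)


if __name__ == "__main__":
    for path in demo():
        print("folder decoy:", path)
    # expected: Music.exe and Photos/HOLIDAY.EXE
```

Run against a real flash drive or user profile, the script only narrows the search; the Windows setting that hides known file extensions is what made such decoys convincing, so turning that setting off is the matching prevention step.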

The main varieties of viruses.

In fact, there are many kinds and varieties of computer threats, and it is simply impossible to consider all of them. Therefore we will consider the most common and most unpleasant.
Viruses are:
- File viruses: reside in an infected file and are activated when the user runs this program; they cannot activate otherwise.
- Boot viruses: can load at Windows startup once they get into autorun, when a flash drive is inserted, and the like.
- Macro viruses: various scripts that can be on a website, can be sent to you by mail or in Word and Excel documents, and perform certain functions on the computer. They use vulnerabilities in your programs.

Types of viruses.
- Trojan programs
- Spyware
- Extortionists (ransomware)
- Vandals
- Rootkits
- Botnets
- Keyloggers
These are the main types of threats you may encounter. But in reality there are many more.
Some viruses can even be combined and contain several of these threat types in themselves.
- Trojan programs. The name comes from the Trojan horse. It penetrates your computer under the guise of a harmless program, and can then open access to your computer or send your passwords to its owner.
Recently, Trojans called stealers have become common. They can steal passwords saved in your browser and in mail and gaming clients. Immediately after starting, the stealer copies your passwords and sends them by e-mail or to the attacker's hosting. The attacker only has to collect your data, which is then either sold or used for their own purposes.
- Spyware tracks user actions: which sites are visited or what the user does on the computer.
- Extortionists. These include WinLockers. The program partially or fully blocks access to the computer and demands money for unlocking, for example by topping up an account or the like. If you encounter this, do not send money under any circumstances: the computer will not be unlocked and you will lose the money. Go straight to the DrWeb website, where you can find out how to unlock many WinLockers by entering a specific code or performing certain actions. Some WinLockers may, for example, go away by themselves after a day.
- Vandals can block access to antivirus websites, to the antivirus itself and to many other programs.
- Rootkits: hybrid viruses. They may contain various viruses. They gain access to your PC, their operator gets full access to your computer, and they can embed themselves into your OS kernel. They came from the world of Unix systems. They can mask various viruses and collect data about the computer and all its processes.
- Botnets. A rather unpleasant thing. Botnets are huge networks of infected zombie computers that can be used for DDoS attacks on sites and other cyber attacks using the infected computers. This type is very common and hard to detect; even antivirus companies may not know about their existence for a long time. Many people may be infected and not even suspect it. You may be no exception.
- Keyloggers: keyboard spies. They intercept everything you type on the keyboard (sites, passwords) and send it to the owner.

Ways of infection with computer viruses.

The main ways of infection:
- operating system vulnerabilities;
- browser vulnerabilities;
- a poor-quality antivirus;
- user stupidity;
- removable media.
OS vulnerabilities: no matter how hard they try to harden the OS, security holes appear over time. Most viruses are written for Windows, as it is the most popular operating system. The best protection is to constantly update your operating system and try to use a newer version.
Browsers: infection happens through browser vulnerabilities, especially in old versions. Again, it is treated with frequent updates. There may also be problems if you download browser plugins from third-party resources.
Antivirus: free antiviruses have less functionality than paid ones. Although paid ones do not give 100% protection either and also fail sometimes. But it is desirable to have at least a free antivirus. I already wrote about free antiviruses in this article.
User stupidity: clicking on banners, following suspicious links from letters and so on, installing software from suspicious places.
Removable media: viruses can be installed automatically from infected and specially prepared flash drives and other removable media. Not long ago, the world heard about the BadUSB vulnerability.


Types of infected objects.

Files: they infect your programs, system files and ordinary files.
Boot sectors: resident viruses. As the name implies, they get into the computer's boot sectors, add their code to the computer's startup and start when the operating system starts. Sometimes they settle in so well that they are hard to remove from startup.
Macro commands: Word, Excel and similar documents. Using macros and Microsoft Office vulnerabilities, they introduce malicious code into your operating system.

Signs of infection with computer viruses.

The appearance of some of these signs does not necessarily mean that a virus is present in the system. But if they appear, it is recommended to check your computer with an antivirus or contact a specialist.
One of the common signs is heavy load on the computer: your computer works slowly, although you seem to have nothing running that could load it. Bear in mind, though, that if you have an antivirus, antiviruses themselves load the computer quite heavily. If there is no software that could cause the load, viruses are more likely. In general, I advise you to reduce the number of programs in autorun to begin with.

This can also be one of the signs of infection.
But not all viruses load the system heavily; with some, the changes are almost impossible to notice.
System errors. Drivers stop working, some programs start working incorrectly or often crash with an error, although earlier this was not noticed. Or programs start restarting frequently. Of course, this can also happen because of antiviruses: for example, the antivirus mistakenly deleted a system file, considering it malicious, or deleted a really infected file that was associated with a program's system files, and its removal caused such errors.

Advertising in browsers, or even banners appearing on the desktop.
Unusual sounds when working with the computer (squeaks, clicks, noise and the like).
The CD/DVD drive opens by itself, or just starts to read the disk although there is no disk in it.
Long computer startup or shutdown.
Theft of your passwords. If you notice that various spam is being sent on your behalf from your mailbox or social network pages, there is a chance that a virus has penetrated your computer and handed your passwords to its owner. If you notice this, I recommend checking with an antivirus without fail (although it is not certain that this is how the attacker got your password).
Frequent hard disk access. Every computer has an indicator that blinks when various programs use the disk or when files are copied, downloaded or moved. For example, you have just turned on the computer and no programs are in use, but the indicator starts blinking as if programs were. These are most likely viruses working at the hard disk level.

So those are the computer viruses you may meet on the Internet. But in reality there are many times more, and it is impossible to defend against them completely, unless you do not use the Internet, do not buy disks and do not turn on the computer at all.