Stop your Business IT from Becoming a Botnet Zombie

March 1, 2012

Zombies are all the range now, both on the silver and the small screens (and the digital, and the mobile, and ... you get the point). But even if you’re not packing heat for the zombie apocalypse, you need to be concerned about a threat that’s both real and lethal to your business information technology (IT): botnets. Falling prey to one of these infections could enlist your computer into a virtual army of the living dead.

First Blood

So just what is a botnet? Here’s a definition from Microsoft’s Safety & Security Center:

The term bot is short for robot. Criminals distribute malicious software (also known as malware) that can turn your computer into a bot (also known as a zombie). When this occurs, your computer can perform automated tasks over the Internet, without you knowing it.

Criminals typically use bots to infect large numbers of computers. These computers form a network, or a botnet.

Criminals use botnets to send out spam email messages, spread viruses, attack computers and servers, and commit other kinds of crime and fraud. If your computer becomes part of a botnet, your computer might slow down and you might inadvertently be helping criminals.

But just how does the zombie bug spread? Sometimes it’s through an employee falling prey to a phishing attack via email or social media. Or maybe the botnet creator squeezes through a weakness in a computer’s operating system or software (so-called “zero-day exploits”). A surprising number of these style attacks happen even after weaknesses have been identified and patched by software providers, due to computers that are not up-to-date on the latest security updates.

Regardless of the method used, the initial infection is just the beginning of your problems.

The Virtual Dead

For hackers, the value in a botnet is the large amount of processing power they now have access to. Botnet masters utilize botnets to perform a variety of malicious purposes, from simple spam to major digital attacks. Here are some infamous examples of the havoc botnets have caused:

It’s not even high-level hackers to worry about: botnet kits, complete with tech support and patches, are now available so that even those with limited computer skills can now fire away at businesses.

Fighting Back

So, what can your business do? It’s important, as always, for your business to install good firewall and antivirus protection, like that offered by our partner GFI Vipre. Keep track of the latest updates for all of your business IT and install them immediately to avoid malware that takes advantage of unpatched software exploits. If you notice your system growing unusually sluggish or recording odd actions, contact a security consultant to audit your IT for a botnet infection.

Also, educate your employees about secure Internet practices. Keep up with the latest phishing scams and send out that information. Make sure people know not to click on suspicious links or attachments, and that they know how to contact your IT security team (or the firm managing your security) if they’re asked to supply confidential information via email or social media. Due diligence with financial information is also important for recognizing and stopping a botnet.

The number of botnet attacks is only rising as the technology becomes easier to use and more people stay connected to the Internet via mobile devices. If you’re worried about the risk botnets pose for your business IT, we encourage you to reach out to a tech firm that specializes in handling these and other threats (we’d certainly be glad to discuss it with you).

If you’d like to learn more about botnets, check out this handy infographic from McAfee Labs, and consider subscribing to their botnet blog channel.