Also read Part I of this series: The botnet menace – and what you can do about it
In the first part of this feature we described what bots are, the incredible damage they can cause, and why they constitute a growing threat to enterprises and consumers alike.
We discussed the reasons for the diminishing effectiveness of technologies such as intrusion detection in identifying and thwarting bots.
We listed some newer techniques being employed by increasingly tech savvy bot masters (or bot herders) to avoid detection – such as use of encrypted IRC communications, HTTP tunneling, and peer-to-peer networking.
In conclusion we emphasized the need for effective strategies to beat bot herders at their own game.
In this piece we present seven such strategies you can implement immediately to discover, block or repair a bot infection.
Note: In both parts of this series we use the term "bot" to refer to malicious bots - software agents used by a bot herder to take control of a network of computer systems, which can then be used for nefarious purposes such as sending spam, denial of service attacks, information theft and more. However, bots can also perform useful tasks. An example is their use by search engines for Web spidering, where an automated script fetches, analyses and files information from Web servers many times faster than a human being would be able to.
Step 1 – Secure your systems
A computer system usually gets infected with a malicious bot through many of the same channels by which it falls prey to other malware, Trojans and viruses.
These include vulnerabilities at the network layer, in the operating system and in software that listens on the network, as well as infiltration of the system through e-mail links that users click on.
That being the case, experts say the first level of defence in battling bots involves the same basic steps that are effective against viruses and Trojans – keeping your systems patched, using firewalls, spam filtering software and so on.
As another popular route for a bot attack is Web links transmitted through instant messaging (IM), users should also look at anti-virus and filtering software for IM.
Some companies have disabled IM because of inherent risks associated with it.
However, for firms averse to taking such a step, or for whom IM happens to be a business critical capability, there are commercial applications that enable one to proxy those connections through a channel that has the ability to filter out malicious software.
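To make the IM filtering idea concrete, here is an added example (not code from the article or from any of the commercial products it alludes to) of the core check such a filtering proxy performs: pull every URL out of a message, compare its host against a blocklist, and strip the link before the message is delivered. The blocklist entries, the sample messages and the "raw IP address" heuristic are all constructed for this illustration; a real deployment would feed the blocklist from threat-intelligence data rather than hard-code it.

```python
import re
import ipaddress
from urllib.parse import urlparse

# Constructed blocklist of hostnames (placeholders, not real indicators).
BLOCKED_HOSTS = {"bad.example", "malware.example.net"}

# Matches http(s) URLs up to the next whitespace or quoting character.
URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def extract_urls(text):
    """Return every http(s) URL found in one message body."""
    return URL_RE.findall(text)


def is_ip_literal(host):
    """True when the host part is a bare IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_url(url):
    """Return (verdict, reason); verdict is 'block' or 'allow'."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if not host:
        return ("block", "unparseable host")
    # Exact match or any subdomain of a blocked host.
    if host in BLOCKED_HOSTS or any(host.endswith("." + b) for b in BLOCKED_HOSTS):
        return ("block", "host on blocklist")
    # Heuristic assumed for this example: links to a raw IP address instead
    # of a hostname are treated as suspicious and blocked.
    if is_ip_literal(host):
        return ("block", "raw IP address instead of a hostname")
    return ("allow", "no match")


def filter_message(text):
    """Inspect one IM message and return (clean_text, findings).

    Blocked URLs are replaced with a placeholder so the rest of the
    message is still delivered; findings lists every URL with its verdict.
    """
    findings = []

    def _sub(match):
        url = match.group(0)
        verdict, reason = classify_url(url)
        findings.append((url, verdict, reason))
        return "[link removed]" if verdict == "block" else url

    return URL_RE.sub(_sub, text), findings


if __name__ == "__main__":
    # Constructed sample messages standing in for IM traffic passing the proxy.
    samples = [
        "hey, look at this http://bad.example/photo.scr",
        "meeting notes: https://www.example.com/notes",
        "update here http://203.0.113.9/setup.exe",
    ]
    for msg in samples:
        clean, findings = filter_message(msg)
        print(clean)
        for url, verdict, reason in findings:
            print("   ", verdict.upper(), url, "-", reason)
```

Each message is returned with blocked links replaced by a placeholder, and the findings list gives the proxy's logging layer what it needs to record which user received a link to which blocked host.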