Thursday, October 28, 2010

"Robot Computers" - You May Have One

Robot computers - bots for short - are simply garden-variety home or business PCs that have been infected by malicious software. That software takes them over and, on a command from the "bad guys", directs them to do whatever the bad guys want. Two activities are most likely: 1. They turn your PC into a spam engine, sending advertisements (frequently in your name) to those in your address book and then to thousands of others. In case you miss the point, let me give you a clear example: your friends and neighbors receive eMail from you advertising medications to make the male penis larger. 2. They use your machine to extort money from online companies. If a given company does not give in to their demand for money, they attack the company's website with their bot army. Your computer is one of the soldiers in the bot army.

Many people ask how the malicious software gets on their computer. Typically a piece of malicious software known as a "Trojan" (from the story of the Trojan Horse) comes first. Trojan software typically gets into your computer because you either invite it in or go to some place that provides it. Here are some common scenarios:

1. You get an interesting piece of eMail from a trusted source (whose PC is already infected) that contains a hyperlink. You click on it and it takes you to a web site that takes advantage of a bug (programming error) in your browser (Internet Explorer, for example) that lets it download and run software. The software it downloads is a Trojan, which invites its owners to download additional software anytime they choose. This is usually referred to as a "drive by" attack, since it attacks you when all you were doing was visiting their web site. Your computer would be less vulnerable (but not impervious) to this kind of attack if you were running Windows Update automatically. To set this up, click on Start, All Programs, Windows Update.

2. Pop-up link: you are happily surfing the web when suddenly, from an infected web site, a popup window appears saying something like "BEWARE your computer is infected with a virus" (actually it is not. Yet.). "Click here", the window says, and we will download antivirus software that will clean it out. You click and down comes the fake "antivirus" software, which is in fact a Trojan that installs itself and invites its creator to download through it any other software desired.

GUESS WHAT! A major bad guy, owner of a "bot net" consisting of over 30 MILLION PCs, has been busted by the police in Holland. Here is a link to an article in Computerworld (an Information Technology trade newspaper):

As you can see from the article, the Netherlands police are attempting to warn the owners of those 30 million PCs that their machines have been infected.  Problem is, many folks will ignore the warning, assuming it is bogus.  IT IS NOT!  Follow this link

to see what the warning looks like. If you have seen this on your computer, YOU ARE INFECTED! What you are infected with is a Trojan. Of course, the Trojan just provides an entry for the bad guys into your computer. You can't know WHAT kind of software they have downloaded through the Trojan into your PC. It could be a spam engine, an extortion soldier, a key logger tracking and reporting everything you type on your keyboard, etc. All the Netherlands police can do is tell you that you are infected with something. You need to scan your computer or have it scanned by a professional. Believe the warning, it is real.


Anonymous said...

Hi Jim,

I never received a notice from the Netherlands police so, hopefully, my computer is clean. On occasion, I receive an e-mail from a friend with nothing in the subject line and the only thing in the e-mail is a link. Fortunately, I didn't open it even though I trust my friend. When I talked to him he said he didn't send the e-mail. The safest thing to do is just delete this kind of e-mail. It could prevent a lot of trouble.

Bill Barber said...

I think if I had seen the Dutch "warning" pop up, I would have probably thought of it as spam trying to hook me into a virus/trojan. However, it probably would also have prompted me to immediately run a virus scan and/or an ad-aware scan.
Great info here, Jim!