Page 1 of 2 12 LastLast
Results 1 to 15 of 20

Thread: Is it possible to detect Botnet. If yes then how ?

  1. #1
    Join Date
    Sep 2004
    Posts
    66

    Is it possible to detect Botnet. If yes then how ?

    I have a question which many of you had understood by reading the title. I want some way to detect botnets. I had gone through wikipedia article based on the virus, but it is a bit complex to understand. I think some of my systems are infected botnet. I have a antivirus software installed in my computer and it has given me warning recently. Full HD doe snot detected any dept infections. I use the system to make some banking transaction and think that this botnet can spy my password.

  2. #2
    Join Date
    Sep 2004
    Posts
    156

    re: Is it possible to detect Botnet. If yes then how ?

    There are number of antimalware and rootkit detectors that can help you out. A number of antivirus comes with rootkit detection and they are capable of finding and removing them. Instead of locating a botnet detector use a powerful antimalware software that can find and remove them on their own. There are tons of cleanup tools that can help you to deal with this infection. I am using the latest edition of Norton Internet Security which I found more helpful and it worked fine. It keeps the system secure and does not allow any internal threat to track your confidential information.

  3. #3
    Join Date
    Sep 2004
    Posts
    128
    What you are actually trying to do. Do you want to detect the spwyare or botnet or wants a powerful security against them. There are tons of trusted software that you can go for. I had seen malware cleaner which works quiet well. You must keep them updated. If still you suspect then you can simply use a bootable disc to scan for virus. To get more effective scan, run the same in safe mode. It offer you a clear way of cleaning the system. Install latest browser with updates so that there will no vulnerability that can be accessed.

  4. #4
    Join Date
    Sep 2004
    Posts
    83

    re: Is it possible to detect Botnet. If yes then how ?

    Check the process that are running in the background. You can locate suspicious things through that. There are tools like Process Explorer, Hijackthis, etc which can give you a detailed information on the number of services running in your system. You can then find the associated information on the same and the use it block threats. Also if possible try to monitor your network traffic. Botnets mostly try to connect with distant systems sniffing your data. Virus attacks on Windows registry primarily so that they can modify system access and work quietly in the background. Soon you will find your system flooded with lots of virus.

  5. #5
    Join Date
    Sep 2004
    Posts
    105
    That is quiet nice answers. But for an average user, it is complicated to detect a virus. There are tools, but they are complicate to understand. The report generated does not give you much highlight. There are many processes which are mostly associated to system and there is no tool that can simply differentiate between a suspicious and non-suspicious service. Check in Task Manager > Performance. How much system resources are used.

  6. #6
    Join Date
    Sep 2004
    Posts
    103
    Today virus are bit more advance compared to security tools we are using. If you had worked on server security then you can get more aware about complex technologies involved. Botnet are set of systems which are already affected and now program to infect others. So if you feel that your system is getting continuous virus attack, then check your lan connectivity and if you are on a WAN network as the admin or ISP to check the details. Mass attack are carried by attackers to for profit reasons. You can keep your secure if you are just aware how to avoid such things. Like not visiting compromised website, avoid using pirated softwares/OS/games, etc. Attacker attract users by providing free stuff which is loaded with malicious code and one the end user download that the chain reaction starts.

  7. #7
    Join Date
    Sep 2004
    Posts
    136

    Re: How do you detect a botnet? Impossible, right?

    It is possible through portscan. You can monitor the network activity by locating the reason for unauthorized traffic. Basically when a virus enters your system, it tries to communicate with other infection computer and tries to spread. They use open ports or simply modify the system settings. You can use a port scanner software to locate which app is associated with which port. You can in that way find that your system is not acting as a bot. To detect that run any good port scanner and then launch your web browser or mail client. Surf web for about 10 to 15 mins. Check in the port scanner what you can find. Is there any unknown traffic source detected.

  8. #8
    Join Date
    Sep 2004
    Posts
    137
    I am using Webroot Antivirus. I found it quiet effective in many cases. It has a firewall and powerful virus engine to detect and combat with infection. I had checked in it and there is no open port listed. I have around 40 workstation configured on my network. So if one is infected then there are chances of getting the same on all. The firewall looks to be working fine. It will block any incoming connection if located. But in a client system I found a entry in the log which is about some ip address of asia. I had not seen this entry before. I had used port scan but there is nothing associated with the ip. However I am going to keep a more close watch to this and hope that I will locate some reliable program or software that can be utilized.

  9. #9
    Join Date
    Sep 2004
    Posts
    73
    Ample of things that I had seen in my system are adware. They are responsible for those unnecessary popups. We are also facing a common redirect problem on 4 workstation. So to some extent it looks even when the security was on, the adware was able to enter the virus. Also there are some suspicious service which can be keylogger. As we deal with some banking work, so there are chances someone has played with the settings. With a port scanner or simply with security tools there are symptoms that can be traced or avoided.

  10. #10
    Join Date
    Sep 2004
    Posts
    128
    The connection can be detected. The antivirus should be capable of doing that. I will advice you to use a licensed version of any nice antivirus like Norton. This would give you full security support and the virus definition. There are tools like Autorun and Sysinternal though which you can check and verify the startup tools. If you are not aware of using the same then you can simply read a kb article on Microsoft that will offer you a more detail support. It is also necessary that you must keep your OS firewall turned on. Because the same filters your incoming and outgoing traffic. Malware's can be smarter but they never enter on their own. To access various methods are used to encourage a user. Like free tools, popups, attachments, buggy software, fake updates, etc.

  11. #11
    Join Date
    Sep 2004
    Posts
    119
    This are common with botnets. For single user it is more complicated to run all those tools and perform some kind of audits. There are tons of ways by which a system can be infected. To keep yourself secure it is necessary that you must keep your system updated. Firewall keeps a eye on ports and you will receive a popup when any kind of unknown service tries to access your system.

  12. #12
    Join Date
    Sep 2004
    Posts
    113
    I had heard about a .net virus which has infected a number of systems. I had found a nice article on the same that says about the vulnerability. When you scan a port of a system which has a virus infection then you can find what all IP or stuff is trying to connect. There can be malware which appeared in your system through a data transfer. To some extent the antivirus is a infected computer is of no use. You can use some online scanner to detect malware and then take necessary actions.

  13. #13
    Join Date
    Sep 2004
    Posts
    129
    It is very complicated to find the malicious files. It is not easy at all. I have a old system where I seen a number infected dll files. Those are important for windows to work properly and if you play with them your system might crash. The best way to fix those is replacing them. But there are tons of files and it is not possible for you to replace each of them. If you have a large data-center and if you are worried about the infection you must deploy some utility that can scan and verify the system integrity. There are commercial AV programs that are much better in many ways to give you full protection.

  14. #14
    Join Date
    Sep 2004
    Posts
    129

    Re: How do you detect a botnet? Impossible, right?

    Did your antivirus caught any of them. Check the Quarantine of logs where you can find list of infection. You can schedule a full system scan each day to keep an eye on upcoming infections and ensure that your system stays safe. If somehow your PC becomes a part of botnet then that does not means it is going to spread keylogger in entire network. Botnet are mostly used to derive a common function through malicious file and with powerful security audit tools you can locate them.

  15. #15
    Join Date
    Sep 2004
    Posts
    29

    Re: How do you detect a botnet? Impossible, right?

    Download a good port scanner. A number of antivirus comes with powerful port scanner software that gives you the current information on ports open or closed. You can block the one which is suspicious. It is correct that you have to inspect the log everytime to locate some infection in the same.

Page 1 of 2 12 LastLast

Similar Threads

  1. 'Coreflood' botnet Disabled by US.
    By Gentza in forum Web News & Trends
    Replies: 2
    Last Post: 15-04-2011, 01:59 AM
  2. What is kneber botnet
    By Elbanco in forum Networking & Security
    Replies: 5
    Last Post: 23-02-2010, 01:48 PM
  3. Removing botnet WORM_DOWNAD.AD
    By Xan in forum Networking & Security
    Replies: 6
    Last Post: 16-02-2010, 10:24 AM
  4. Removal and prevention for Avalanche botnet
    By Juan-Carlos in forum Networking & Security
    Replies: 5
    Last Post: 28-01-2010, 04:15 PM
  5. Botnet Virus' DDos attacking
    By sumesh.tr in forum Tips & Tweaks
    Replies: 2
    Last Post: 29-07-2008, 11:22 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,709,449,484.63246 seconds with 17 queries