PCWorld Forums


Is Your Pc Bot-infested? Here's How To Tell

#1 PCWorld

  • Advanced Member
  • Group: PCWorld BOT
  • Posts: 114,551
  • Joined: 01-August 07

Posted 24 August 2009 - 08:00 AM

Post your comments for Is Your PC Bot-Infested? Here's How to Tell here
0

#2 skicrazer

  • Full Member
  • Group: Members
  • Posts: 67
  • Joined: 19-January 07

Posted 24 August 2009 - 08:57 AM

Other than providing the detection tools, the article didn't tell us "how to tell." I'll try the tools out, though!
0

#3 JakeB

  • Advanced Member
  • Group: Members
  • Posts: 497
  • Joined: 12-June 09
  • Location: Paris, France

Posted 26 August 2009 - 03:57 AM

Easy way to tell if your computer is bot-infested:

1. Check the casing.
2. Is there an Apple sign glowing there?
3. If not, your PC is bot-infested.
-4

#4 rcprimak

  • Advanced Member
  • Group: Members
  • Posts: 490
  • Joined: 29-January 08
  • Location: Hinsdale, Illinois, USA

Posted 26 August 2009 - 02:47 PM

This article offers no information on how to detect and remove bots on a computer. Send it back for a rewrite!
-- Bob Primak --
0

#5 ABCDaMan

  • Newbie
  • Group: Members
  • Posts: 9
  • Joined: 05-February 08

Posted 26 August 2009 - 04:30 PM

JakeB, on 26 August 2009 - 03:57 AM, said:

Easy way to tell if your computer is bot-infested:

1. Check the casing.
2. Is there an Apple sign glowing there?
3. If not, your PC is bot-infested.

And if so, your "machine" is an infested bot!
0

#6 4G3NTSM1TH

  • Newbie
  • Group: Members
  • Posts: 4
  • Joined: 09-September 09

Posted 09 September 2009 - 07:09 AM

JakeB said

Easy way to tell if your computer is bot-infested:

1. Check the casing.

2. Is there an Apple sign glowing there?

3. If not, your PC is bot-infested.

--

Shows how much the best mac users know about computers [98% of the people that buy them have no knowledge of computers and the 2% worship Steve Jobs]. Such a fanboi..

This article does need a re-write, or at least a title change.
0

#7 arkitekt78

  • Full Member
  • Group: Members
  • Posts: 55
  • Joined: 01-April 09

Posted 09 September 2009 - 08:31 AM

Typical of Apple fanboys... Never have anything useful to contribute...
1

#8 rixware

  • Full Member
  • Group: Members
  • Posts: 95
  • Joined: 11-April 07

Posted 09 September 2009 - 09:16 AM

Very poor article, PC World. A better title would be:

"Is Your PC Bot-Infested? There's No Way To Tell"

And relying on the Microsoft tools for potential help is like using a letter opener on a juicy piece of steak.
0

#9 wsmacl

  • Full Member
  • Group: Members
  • Posts: 63
  • Joined: 15-December 06

Posted 09 September 2009 - 11:11 AM

Hello folks! If you read carefully, you would see that he gives you a very good way of knowing - or at least having a better idea. The program he mentions (BotHunter) listens to your network traffic and looks for malware-type patterns - a relatively good way of tracking down even the newest and otherwise undetected malware.
Thanks for a good article!
0

#10 Irkos

  • Member
  • Group: Members
  • Posts: 18
  • Joined: 24-October 06

Posted 24 September 2009 - 04:45 AM

I have never seen an easy way to tell if you are infected by a bot that didn't involve some other software - and this advice seems to be the most obvious ones to introduce. I suppose one could always log network traffic and look over it...
0

#11 CSCS

  • Member
  • Group: Members
  • Posts: 16
  • Joined: 23-February 09

Posted 24 September 2009 - 12:03 PM

Agree with mostly everyone who says the article missed the point of its title. You tell us how to fix it, but not how to detect! Hope the writer reads these comments.
0

#12 Kinman

  • Advanced Member
  • Group: Members
  • Posts: 125
  • Joined: 11-February 08

Posted 24 September 2009 - 07:17 PM

A system infected with bots is hard to tell, since the bots' aim is not to damage your system; rather, they are used to attack other systems.
0

#13 StevenK

  • Newbie
  • Group: Members
  • Posts: 2
  • Joined: 28-November 07

Posted 25 September 2009 - 03:18 AM

JakeB, on 26 August 2009 - 03:57 AM, said:

Easy way to tell if your computer is bot-infested:

1. Check the casing.
2. Is there an Apple sign glowing there?
3. If not, your PC is bot-infested.


What's a casing?
0

#14 mctavish

  • Member
  • Group: Members
  • Posts: 10
  • Joined: 04-November 06

Posted 04 October 2009 - 02:57 PM

Bothunter doesn't work. It is a waste of time.
0

#15 KStrawn

  • Expert
  • Group: Members
  • Posts: 1,589
  • Joined: 28-October 08
  • Location: Lake Forest, California

Posted 04 October 2009 - 03:15 PM

PCWorld, on 24 August 2009 - 08:00 AM, said:

Botnets provide a quick and easy means to do so, and, according to security firm Kaspersky, botnet owners charge big money for that service.


A black market for malware? Didn't see that one coming, did you, Windows and Mac users? Linux doesn't exhibit nearly as much trouble. Linux actually hasn't had one virus since its launch in 1991 (The Linux kernel, not any distributions other than Slackware!). Linux is more secure by design. Package managers are perfectly safe, because they are precompiled from source by what I like to call "repo police" who make dang sure no malicious code gets compiled. There's really no way hackers can get the average user to compile malicious code from source, either. Users don't want to go through all that trouble. The only people who even want to know how to compile code from source are true geeks. A "black repo" is certainly the only way hackers can get a virus on Linux, and even then, the average users don't like to edit the repo settings.

This post has been edited by KStrawn: 04 October 2009 - 03:18 PM

Best regards,

-Kenny Strawn
0

#16 WinTard

  • Veteran
  • Group: Members
  • Posts: 6,642
  • Joined: 16-January 09
  • Location: Look behind you...

Posted 04 October 2009 - 04:21 PM

KStrawn, on 04 October 2009 - 03:15 PM, said:

PCWorld, on 24 August 2009 - 08:00 AM, said:

Botnets provide a quick and easy means to do so, and, according to security firm Kaspersky, botnet owners charge big money for that service.


A black market for malware? Didn't see that one coming, did you, Windows and Mac users? Linux doesn't exhibit nearly as much trouble. Linux actually hasn't had one virus since its launch in 1991 (The Linux kernel, not any distributions other than Slackware!). Linux is more secure by design. Package managers are perfectly safe, because they are precompiled from source by what I like to call "repo police" who make dang sure no malicious code gets compiled. There's really no way hackers can get the average user to compile malicious code from source, either. Users don't want to go through all that trouble. The only people who even want to know how to compile code from source are true geeks. A "black repo" is certainly the only way hackers can get a virus on Linux, and even then, the average users don't like to edit the repo settings.


Sorry to burst your Linux bubble, my friend. But Linux is nowhere near as secure as you imply (innocently).

Google: Results 1 - 10 of about 671,000 for the first rootkit. (0.28 seconds)

Now we're talking Unix, the actual model for Linux which is a mere clone of Unix, and NOT Unix.

Quote

http://staff.washing...qs/rootkits.faq
As time went on, clever hackers had developed methods to conceal their
activities, and programs to assist this concealment. These methods and
programs were documented in "philes" that populated underground bulletin
boards and published in magazines -- electronic and hardcopy -- like
2600 and Phrack.

For example, "Hiding Out Under Unix," by Black Tie Affair (Phrack Volume
Three, Issue 25, File 6, March 25, 1989) includes source code for a
program to edit the /etc/wtmp file to remove all logins records for
compromised accounts.

Over time, other clever programmers kicked into action and wrote
programs to modify the timestamp and size of programs like "ls",
"netstat", "ps" which were turned into "trojan horses".

Just like the Trojan Horse used by the Greeks to sack Troy, these
programs appear to be something you know and trust, but instead hold
hidden features that trick the person running them into believing the
output is truthful, very effectively allowing the intruder to harvest
login passwords, conceal their files, network connections, and
processes. Since the files had the same timestamp as other programs in
the same directory, and appeared to have the same checksums (via another
trojan horse technique), the naive administrator of the system would see
nothing out of the ordinary and give up, thinking the system to be
"clean".

These trojan horse programs were bundled together in the form of "Root
Kits", the original written for Sun's Berkeley flavor of Unix (SunOS 4)
and later for Linux. (SunOS 4 and 5 root kits will be discussed later.)

Linux Root Kit version 3 (lrk3), released in December of 1996, further
added tcp wrapper trojans and enhanced the programs in the kit. This
was the most common method of concealing activity and stealing passwords
by sniffing on the new favorite target of intruders, x86 compatible PCs
running Linux.


Alas, the term rootkit came from Unix. Also Linux isn't designed with best of breed methodologies in mind but is more akin to a pot-pourri hodgepodge of patches from anybody and everybody. Where do you think the term Apache came from?

Quote

http://en.wikipedia....istory_and_name
However, the original FAQ on the Apache Server project's website, from 1996 to 2001, claimed that "The result after combining [the NCSA httpd patches] was a patchy server


Also Linux isn't just the kernel, but a collection of peripheral services and programs composing the Linux OS.

Sad but true, Linux is a sieve of holes and vulnerabilities (kernel included), the only redeeming factor is the less than 1% market penetration for that OS, basically invalidating it from black market malware:

http://secunia.com/a...h/?search=linux

How about searching the NVD from the US Govt for Linux?
http://nvd.nist.gov/

Please note the recent vulnerabilities for Linux... (All versions to date).

And also for comparison purposes, let's compare the number of vulnerabilities to the Windows ecosystem, including all applications running under Windows to date... And you will note the # of holes normalized to the number of systems in use, Windows security is far superior to that of Unix/Linux. That is the truth.

See for yourself!

I'm not bashing Linux here. I love Linux. But I believe in security through awareness, not belief...

Also note in the world of Unix / Linux nobody would use a root-equivalent id for normal day-to-day use, only su or sudo to root to perform system admin tasks. The exact same principle applies to Windows. However, since the most popular OS in the world has been vulgarized to the masses, most users are clueless about any of the repercussions of their improper usage habits.

Report: 92% of critical Microsoft vulnerabilities mitigated by Least Privilege accounts

http://en.wikipedia....least_privilege

Which is to say more technical people such as yourself wouldn't get duped by social-engineering tricks prevalent in the Windows world upon less astute computer users.

~~~~~~~~~~
If knowledge can create problems, it is not through ignorance that we can solve them.
~ Isaac Asimov (Russian born American science-fiction Writer and Biochemist. 1920-1992)

Disclaimer: This is just my humble opinion -- In a free world, is everyone is entitled to their own opinions?
1
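
The point in the rootkit FAQ quoted in post #16, that a replaced tool can show the same timestamp and size as the original, shown as an added Python example that is not part of any post in this thread. The file name `ps` is a stand-in, the file contents are constructed, and the baseline is assumed to be kept off the host in real use.

```python
import hashlib
import os
import tempfile


def fingerprint(path):
    """Return (size, mtime_ns, sha256 hex digest) for a file."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        digest = hashlib.sha256(fh.read()).hexdigest()
    return st.st_size, st.st_mtime_ns, digest


def audit(path, baseline):
    """Compare a file with its recorded baseline, attribute by attribute."""
    size, mtime_ns, digest = fingerprint(path)
    return {
        "size_ok": size == baseline[0],
        "mtime_ok": mtime_ns == baseline[1],
        "hash_ok": digest == baseline[2],
    }


def demo():
    """Constructed scenario: a file is swapped, then its size and mtime match again."""
    with tempfile.TemporaryDirectory() as tmp:
        target = os.path.join(tmp, "ps")        # stand-in file, not a real binary
        with open(target, "wb") as fh:
            fh.write(b"ORIGINAL-TOOL-" + b"\x00" * 50)
        baseline = fingerprint(target)          # assumption: stored off the host

        # Same-length replacement, then the modification time is set back.
        with open(target, "wb") as fh:
            fh.write(b"MODIFIED-TOOL-" + b"\x00" * 50)
        atime_ns = os.stat(target).st_atime_ns
        os.utime(target, ns=(atime_ns, baseline[1]))

        return audit(target, baseline)


if __name__ == "__main__":
    # Metadata checks pass; only the cryptographic hash exposes the change.
    print(demo())
```

The hash comparison is only as trustworthy as the tool computing it, which is why the FAQ's scenario calls for running the check from known-good media against a baseline the host cannot modify.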

#17 WinTard

  • Veteran
  • Group: Members
  • Posts: 6,642
  • Joined: 16-January 09
  • Location: Look behind you...

Posted 05 October 2009 - 01:25 PM

As far as how to tell?

Simply load the excellent and free Microsoft Security Essentials (MSE). If it won't load, you're infected! If it says GREEN, you are safe. This is the best malware detection and prevention software I've seen to date. Finding stuff that had been classified as 'clean' by Avast, Panda, Totalscan, Nanoscan, and others (using FULL SCAN).

Hey, it's free. What have you got to lose?

This will even detect and eradicate rootkits. Who is more qualified than Microsoft to scan their own filesystem, without using the OS itself?

Simple eh? (and free!) Enjoy!

Get it here: http://www.microsoft...ity_essentials/

More info here: Google: Results 1 - 10 of about 14,500,000 for microsoft security essentials. (0.14 seconds)

Also recommended by a WinTard!

~~~~~~~~~~~
Life is really simple, but we insist on making it complicated.
~ Confucius

Simplicity is the ultimate sophistication.
~ Leonardo da Vinci, 1452-1519, Italian Painter and Sculptor

The words of truth are always paradoxical.
~ Lao Tzu

Disclaimer: This is just my humble opinion -- In a free world, is everyone is entitled to their own opinions?
0

#18 antihacker101

  • Newbie
  • Group: Members
  • Posts: 6
  • Joined: 15-February 10

Posted 15 February 2010 - 08:29 PM

PCWorld, on 24 August 2009 - 08:00 AM, said:

Post your comments for Is Your PC Bot-Infested? Here's How to Tell here



First of all, I know all about the botnet due to being the source. So far, I have seen no other proof of other source. I got to talk to Microsoft's CEO, who told me to get a hold of Ed Gibson. A Hotmail was returned, then I sent him info, but no return yet.

So far, I am searching for info that proves they know about the botnet. I see none. I can tell you things about it from creation starting in Aug 2008 to now. I can tell you how it's actually getting in, which only was found recently in 1 article. I also know that darkmarket.org and shadowcrew are involved due to a packet in 2008 referring to Mastershryder.

Changes were made to the botnet through my machines where TTF and color codes were altered, followed by black screens (driver change), followed by reboot loop saying safemode (kernel alterations), followed by IP addresses of the botnet using port 445 instead of their normal high port (linking to parse codes).
This was in Nov 15 - 17.

Recently a bluescreen saying volmgrx.sys driver unloaded without canceling operations.

I noticed Feb 15 to now (but forgot about a recent bluescreen days prior) that put another reboot loop forcing me to reformat again. This change removed the interception that prevented noticeability of the worm. Also the strings and keylog was altered. If y'all didn't notice, injections into your textboxes and source codes while programming made letters and words disappear or switch around. The most important is the annoying timer change to the DNS errors. Instead of getting a disconnect where 1 IP seems to have changed to the interception, but then for the first time, fixes itself shortly after.
0

#19 KNRover

  • Full Member
  • Group: Members
  • Posts: 67
  • Joined: 07-January 07

Posted 02 March 2010 - 12:20 PM

PCWorld, on 24 August 2009 - 08:00 AM, said:

Post your comments for Is Your PC Bot-Infested? Here's How to Tell here

I have to amplify other replies here: The article is supposed to tell us "how to tell" if we're infected, but doesn't. I'm about to try BotHunter, but that's the only item in the article that might tell me if I'm part of a botnet.
0

#20 Tursiops

  • Newbie
  • Group: Members
  • Posts: 1
  • Joined: 05-April 07

Posted 03 March 2010 - 12:59 PM

StevenK, on 25 September 2009 - 03:18 AM, said:

JakeB, on 26 August 2009 - 03:57 AM, said:

Easy way to tell if your computer is bot-infested:

1. Check the casing.
2. Is there an Apple sign glowing there?
3. If not, your PC is bot-infested.


What's a casing?


A natural (pig, lamb, sheep) or artificial intestinal membrane used to contain bologna or other sausage product. If it contains Apple, it's probably a PaDutch product called "scrapple".
0
