Friday, November 30, 2007

Botnets: Is Your Computer Commiting Crimes?

KXL Tech Expert Segment for 30 November 2007

By some estimates one in four computers connected to the internet is working overtime – without your knowledge. These hijacked systems could be hacking into computer systems, stealing identities or flooding websites in an attempt to shut them down. Called “botnets”, these underground, and mostly hidden, networks are being shut down thanks to International law enforcement efforts spearheaded by the FBI.

Protecting your system from becoming a drone in a hacker’s botnet army requires safe computing practices. While some opt for drastic measures such as pulling the plug on your internet connection – you can leave your system running and keep it focused on the tasks you choose and from doing a hacker’s dirty work.

Keep your operating system current.
All computer software – and the operating system (i.e. Windows, Mac OS) especially– requires periodic updates. Security updates and vulnerability patches should be installed immediately to plugs holes in software that can be used to take over your system. For most home users, setting the updates to download and install automatically is usually recommended. To keep your computer at work patched, ask your IT Help Desk for their plan to keep your system up-to-date (they may have special concerns, procedures, or prefer to test updates before they get installed).

Run the latest anti-virus software – regularly.
The anti-virus software you got with your new system last year will only help you squash bugs that were identified last year. If you haven’t updated the data files for your anti-virus software, you may be operating under a false sense of security. All anti-virus software is capable of checking for the latest definition files (the list of what exploits are out there and how to inoculate against them) – but some must be configured to do so.

Look for spyware.
Spyware, like virus infectons, are malicious bits of code completing tasks you never intended. A good anti-spyware program is called “AdAware” (the basic version is free) and will clean your system of known software that could be extracting your personal data and sending it to the cyber crooks. Having a machine full of spyware could make your computer an easy target for enrollment in a botnet's virtual network of evil.

Check your firewall – or get one.
A firewall is a device that sites on your home or office network between the computers you use and the Internet. Acting as a gatekeeper, the firewall prevents unwanted traffic from directly accessing your computer. A “front door” to your home network, you can choose which traffic (and from who) to let in – and keep out the bad guys. You can also run firewall software that monitors incoming network traffic on an individual computer – a handy option for those using one or two computers connected online directly. Most recent operating systems include a built-in basic firewall.

Use good passwords and change them often.
Perhaps you've been tempted by that “special offer” or met someone online who has been dying to meet you (and 100,000 of her closest friends) – but were you the subject of a phishing attack? “Phishing” is a tactic to extract personal information (passwords, credit card numbers, etc.) by posing as seemingly legit websites. Victims often click on enticing offers received by email or in response to notifications that appear to be from a bank or online merchant. If in doubt, close the email and contact that company directly – either by phone (“did you send me this email?”) or by accessing the website directly (i.e. typing the address into your browser manually – don’t click the link from your email), or via. a trusted search engine. “If it smells like a phish...”

Watch for suspicious signs and get help.
Is your computer not quite acting like you think it should? Are you finding it takes longer to perform routine tasks? Are the lights blinking when nobody’s home? Suspicious behavior or degraded performance could indicate your computer is being used in a botnet. Have it checked out by an expert who can monitor system processes and check for other vulnerabilities.

While no single tip will completely block hackers, and new exploits and tactics are being discovered constantly – practicing safe computing will help keep your system out of the hands of the bad guys.

Listen to this report, originally broadcast on KXL-AM Friday November 30: kxl_techexpert-botnets_20071130.mp3 (MP3)

Do you have additional tips? Any horror stories you’d like to share? Drop me an email (techexpert AT brianwestbrook DOT com) or post to the comments – I’m here to help.

No comments: