How to know if your PC is part of a botnet
Botnets are the "big bad wolf" of the Internet, and the problem is that your PC might be a part of one, and you might not even know it. For those of you who are not familiar with the topic, botnets are an "army" of computers which get infected with specific malware and are then used by the attacker for illegal activities such as spreading viruses to other computers, spamming or flooding web targets. Also known as "zombie armies", the PCs operate without the knowledge of their owners. The largest botnet that we know about was called Oficla, included as many as 30,000,000 computers and was shut down and dismantled in November 2010. In case you're worried about such things, here's how to find out if your PC is part of a botnet:
Symptoms of being a "zombie"
If your PC isn't acting strange in any kind of way, there's no reason for you to worry that it may be part of a botnet. However, there are several signs which can tell you that your PC might be a zombie. Here are the most common ones:
- Your computer never shuts down properly or takes a very long time to do so: this indicates that there are some processes running which your operating system has a hard time shutting down, and the regular applications that you install generally don't do that. This could indicate the fact that your PC is part of a botnet, but it could also mean that you've picked up some kind of regular virus, so you will need to use a process of elimination to find out which one it is.
- Your fans are working even harder when your PC is idle: smart botnets will try to conceal their presence as much as possible, so they will try to avoid the user's suspicions by doing their thing only when the computer isn't in use. The fact that your fans kick into overdrive while your computer isn't active usually means that there's a background process which uses resources. Don't get alarmed just yet, this could also mean that your Windows is performing updates, or that there's too much dust on your fan, so rule those out first.
- Your hard disk starts working intensively for no reason: make sure that there aren't any updates going on, but if there aren't, and you weren't doing anything on the PC while this happened, you should be slightly worried.
- Windows updates / antivirus updates or installation not working: not being able to update your Windows or antivirus program (or even install a new security application) is usually a clear sign that something is very wrong. You can't know for sure if you're actually part of a botnet or if it's just some other kind of malware, but you definitely should check it out.
- Your Internet browsing and downloading speed is very slow: this could mean that something from your PC is using your Internet connection without you knowing. First, make sure that there aren't any updates running, and that your torrent client isn't running. If not, then perform an Internet speed test, and if everything looks normal then your computer is most likely a zombie.
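The last symptom can be checked directly by listing which programs hold Internet connections while the PC is idle. The PowerShell below is an added example, not part of the original article; it uses only built-in Windows cmdlets, and an unsigned or unknown entry in its output is a lead to investigate, not proof of infection.

```powershell
# Added example: map established TCP connections to the owning process and
# show whether each program file carries a valid Authenticode signature.
# Run in an elevated PowerShell window while the PC is otherwise idle.

$connections = Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Where-Object {
        # Skip loopback traffic; it never leaves the machine.
        $_.RemoteAddress -notin @('127.0.0.1', '::1')
    }

$report = foreach ($group in ($connections | Group-Object OwningProcess)) {
    $proc = Get-Process -Id $group.Name -ErrorAction SilentlyContinue
    $path = if ($proc) { $proc.Path } else { $null }

    # Path is empty for some protected system processes; report that
    # instead of guessing.
    $sigStatus = if ($path) {
        (Get-AuthenticodeSignature -FilePath $path).Status
    } else {
        'PathUnavailable'
    }

    [pscustomobject]@{
        ProcessId   = [int]$group.Name
        Process     = if ($proc) { $proc.ProcessName } else { '<exited>' }
        Connections = $group.Count
        Remotes     = ($group.Group.RemoteAddress | Sort-Object -Unique) -join ', '
        Signature   = $sigStatus
        Path        = $path
    }
}

# Programs without a valid signature first, then by connection count.
$report |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } },
                @{ Expression = 'Connections'; Descending = $true } |
    Format-Table -AutoSize -Wrap
```

Close browsers, torrent clients and other programs you started yourself before running it, so that what remains is traffic you did not initiate.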
The symptoms are there. How about a cure?
The part about a cure is a little bit more delicate than anyone cares to admit. To put it very simply, depending on the type of infection that has been used to add your computer to the botnet, you may not be able to completely get rid of the problem. However, here are a couple of things that you can try:
- Microsoft Safety Scanner - this tool has proven to be effective versus some botnet infections over the years, so in my opinion, this should be your first step. The application (also known as Malicious Software Removal Tool) is completely free and contains signatures of many known botnets.
- Bot Revolt - is another solution that seems to work. To be completely honest, I didn't test the application myself, but one of my friends did, and it actually helped solve his botnet issue. The tool constantly monitors all your inbound communications, being able to recognize suspicious or unauthorized access, keeps an eye on every installer that you use, constantly checks your registries and is not only useful for finding infections, but also for preventing them.
- RUBotted - coming from Trend Micro, this freeware program contains digital signatures of several known botnets and is also capable of discovering currently unknown botnets. Additionally, the application is quite proficient at cleaning up an infection from your PC, but it uses an online feature called HouseCall in order to do this, so you will need a decent Internet connection.
- Mirage Anti-Bot - a tool that contains a database of URLs known to spread botnet infections. The tool keeps you safe from these URL addresses and allows you to add your own links that should be blocked.
While the previously mentioned tools will probably help, there are cases in which there isn't anything you can do, except maybe buy new hardware. Certain infections can affect your RAM or directly your router, which makes them nearly impossible to clean. So, if none of the applications I've shown you are helping, you should seek help from a specialist.
If computer security is a topic that interests you, then you might also want to find out what ransomware is and how to protect yourself against it, learn how to keep your browser safe from hackers or read about how to know if your router has been infected.