3 basic steps to avoid joining a botnet

Employing just one strategy won't cover you

Banging the drum for security awareness never gets old. As much as CSOs try to get folks to bone up on safe practices (both online and in the office), there are always going to be some who need reminding.

Online, the biggest battle these days is against botnets: networks of infected computers which hackers can use -- unbeknownst to the machine's owner -- for online crimes including sending out spam or launching a denial of service attack.

Unfortunately, the black-hat techniques employed to snare users into a botnet web have evolved to a level that makes them often undetectable by even the most sophisticated security products. Combine that with a lack of user knowledge, and the threat of infection becomes very high. (See: Botnets: Why it's Getting Harder to Find and Fight Them).

"The frustrating thing is they can make their chances of getting infected much, much smaller," said Steve Santorelli, who sees how users fall prey to easily avoidable traps every day. Santorelli, director of global outreach with the non-profit security investigations firm Team Cymru, spends his days monitoring malicious online activity, particularly botnets.

Santorelli notes that while just one strategy probably won't cover you, with several tools in the tool box, the rate of infection within an organization significantly drops.

Tip 1: Have work AND home machines regularly updated with patches and antivirus software

The average user doesn't necessarily have a lot of technological knowledge, said Santorelli. They might not realize the importance of working with IT to ensure they are up to date with patching and software upgrades. This problem may be especially prevalent among workers who are exclusively remote.

In fact, a study conducted by security firm Sophos last year found most computer users ignore security updates and turn off their firewalls. Sophos scanned 583 computers for 40 days and found that 81 percent of the machines failed one or more basic security checks. Most machines, 63 percent, were lacking security patches for the operating system, office application and programs like Windows Media Player and Adobe Flash. More than half, 51 percent, had disabled their firewall and another 15 percent had outdated or disabled antivirus and anti-spam software.

Those are exactly the folks that criminals love.

"These people are going to go for the low-hanging fruit and unfortunately there is a lot of it out there," said Santorelli. "There are so many machines without updated AV on it."

If your patching system isn't automated, your users need to be made aware of the risks they are taking by working with unpatched and out-dated security technologies. And while security updates are not the cure-all for malware infection, Santorelli said they certainly serve as a strong deterrent.

"If you are walking down the street as a burglar and you see a house with a Rottweiler, and a visible sign from a security company, you probably won't attack that house," he noted.

Tip 2: Use the latest browser versions

Staying away from dubious sites and sticking to known brands used to offer reasonable online safety. Unfortunately, that's less and less foolproof.

"It used to be that if you surfed to places like CNN, or the Weather Channel, you weren't going to come across great deal of malware," said Santorelli. "That isn't the case anymore. We've seen a number of cases recently where people have gone to a legitimate web site and there is an advertisement up there hosting some kind of malicious code."

That is where the latest safe browsing technologies can help, said Santorelli. The latest versions of today's browsers will often flag potentially dangerous content.

"Browsers are so much more secure now that so many of the holes that existed in these browsers have been patched. There is also a great deal of anti-phishing and anti malware that goes into them now. So if you try and go to a link that contains malware, your AV might not pick it up. But your browser will say: "Are you sure?"

The good news is most browsers are free. You can download the latest version of Internet Explorer or Firefox fairly easily and quickly, too.

"It will only take you five minutes to have the latest browser technology," said Santorelli. "It is just another string to your bow, so to speak."

Tip 3: Be a little more careful when you get a link or an attachment.

"Don't just blindly click on things and rely on other people to protect your computer," noted Santorelli. "You've got to take some responsibility for your own security."

Team Cymru research reveals that the most common attack vectors for installing malware continue to be links in emails, or drive-by downloads.

"We know from our recent investigations that there is a great deal of success to be had [for hackers] by just sending links out," he said.

Just because you receive the email from someone you know and trust, it doesn't mean it is safe. This includes friends and family, whose systems or accounts may have been compromised, and also well-known web sites you use, like social networking sites or banks. See Five More Facebook, Twitter Scams to Avoid for examples of current attempts to exploit social media sites. And large banks, such as Bank of America, often find their name is used in email phishing scams where thieves send out messages warning that customers their account has been compromised with a link that leads to a fake, but very legitimate-looking login screen.

Of course, whether or not you should click any link or attachment also depends on if you have complied with steps 1 and 2 above.

"You're going to have to take it on a case-by-case basis," said Santorelli "And my concern would be significantly raised if I didn't have my computer up to date with antivirus and browsing technologies."

Join the CSO newsletter!

Error: Please check your email address.

Tags botnetssecurity

More about Adobe SystemsCNNFacebookNNSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Joan Goodchild

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts