Six ways to deal with Botnets
Botnets are the threat of our time, so PC World has given us a guide on how to fight them. The guide includes six ways to deal with the problem.
Use something other than Mozilla Firefox or (obviously) Internet Explorer as your default browser. These two are the most popular browsers, so most malware is written for them. The same goes for operating systems: desktop Linux and Macs are, for the most part, safe from botnets.
A drastic measure, but an effective one nonetheless: disable scripts in your browser. This works well unless custom, web-based scripts are crucial to your work.
Use web-filtering services. Services such as Cyveillance, Websense and FaceTime Communications monitor the internet in real time, searching for unusual activity. Downloading JavaScript and performing screen scrapes are just two examples of ‘unusual activity’. Websites engaging in such activity are blocked for the user, making it impossible to surf to them accidentally and get infected. Some of these services contact website administrators automatically so they can take care of the problem.
Another means of protection is to tune your intrusion detection system (IDS) and intrusion prevention system (IPS). A system that suddenly starts blasting away on IRC is a suspicious system. So is a system that connects to offshore IPs or illicit DNS servers. A sudden growth in SSL activity, especially on unusual ports, is also very suspicious, albeit difficult to notice. Machines routing to e-mail servers other than your own (or in addition to your own) are also an indication of bot-like activity. High fetch levels on the web could mean that you are being sent to an infected website.
IPSes monitor for behavior outside normal web surfing that may indicate HTTP-based attacks, remote-procedure-call, Telnet and address-resolution-protocol spoofing attacks, and others. Most IPSes, though, use signature-based detection, so be sure to update the signature database frequently or it will not be (as) effective.
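The IDS tuning rules above (IRC egress, rogue DNS, mail relays other than your own, SSL on odd ports) written out as detection logic over a few constructed flow records. This is an added example, not from the PC World guide; it assumes an application-labelled flow log (src, dst, dport, proto, app) and site-specific allowlists, and it ignores the "sudden growth" baseline aspect, flagging on any single match.

```python
"""Flag bot-like egress flows: IRC, rogue DNS, external SMTP, TLS on unusual ports."""
from collections import defaultdict

# Constructed sample flow records (src,dst,dport,proto,app); not real traffic.
SAMPLE_FLOWS = """\
10.0.0.5,192.0.2.10,6667,tcp,irc
10.0.0.5,198.51.100.7,25,tcp,smtp
10.0.0.6,10.0.0.2,53,udp,dns
10.0.0.6,203.0.113.9,53,udp,dns
10.0.0.7,10.0.0.3,25,tcp,smtp
10.0.0.8,192.0.2.44,8443,tcp,tls
10.0.0.8,192.0.2.44,443,tcp,tls
"""

# Assumed site policy: your own resolvers and mail relays, and normal TLS ports.
APPROVED_RESOLVERS = {"10.0.0.2"}
APPROVED_MAIL_RELAYS = {"10.0.0.3"}
NORMAL_TLS_PORTS = {443, 465, 993, 995}


def parse_flows(text):
    """Turn CSV flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, proto, app = line.split(",")
        flows.append({"src": src, "dst": dst, "dport": int(dport),
                      "proto": proto, "app": app})
    return flows


def flag_flow(flow):
    """Return the names of the rules a single flow trips (empty if clean)."""
    hits = []
    if flow["app"] == "irc" or flow["dport"] in (6667, 6697):
        hits.append("irc-egress")          # host suddenly talking IRC
    if flow["app"] == "dns" and flow["dst"] not in APPROVED_RESOLVERS:
        hits.append("rogue-dns")           # DNS to a resolver that is not yours
    if flow["app"] == "smtp" and flow["dst"] not in APPROVED_MAIL_RELAYS:
        hits.append("external-smtp")       # mail routed around your own servers
    if flow["app"] == "tls" and flow["dport"] not in NORMAL_TLS_PORTS:
        hits.append("tls-odd-port")        # SSL/TLS on an unusual port
    return hits


def suspicious_hosts(flows):
    """Map each source host to the set of rules it tripped; clean hosts are omitted."""
    report = defaultdict(set)
    for flow in flows:
        for rule in flag_flow(flow):
            report[flow["src"]].add(rule)
    return dict(report)
```

Running `suspicious_hosts(parse_flows(SAMPLE_FLOWS))` reports 10.0.0.5 for IRC and external SMTP, 10.0.0.6 for rogue DNS and 10.0.0.8 for TLS on port 8443, while 10.0.0.7 (mail via the approved relay) stays clean.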
Restrict your Web 2.0 social networks, blogs and forums to text-based messages only, and allow only relatively safe file types (such as .jpeg and .mp3) to be uploaded.
Last but not least, have an anti-virus installed and kept up to date. But bear in mind that anti-virus programs are purely reactive, so installing one after infection might not necessarily do the trick.