How to avoid falling for scams, phishing and bot masters

If you click on the link in a phishing email, you could unwittingly find yourself part of a botnet. We explain what the cyber criminals are up to these days.

[Image: denial of service attack illustration. Caption: One botnet can send up to 30 billion emails a day]

We recently saw the destruction of a ‘botnet’, a collection of computers around the world that are, without the knowledge of their owners, dedicated to sending out spam messages – unsolicited offers for dodgy deals.

After it was taken down, the volume of spam messages being sent each day dropped by an enormous amount, according to security researchers.

We are going to investigate what a botnet is, why it’s important to keep your computer secure to avoid becoming part of one, and the link between botnets and organised crime.

Phishing and spam
It used to be the case that computer viruses were written by people with nothing more malicious on their minds than vandalism, at worst. But nowadays most viruses and other forms of malicious software are created by or for criminals who use them to extract or extort money from unsuspecting internet users.

One example most of us will have come across is the ‘phishing’ email, which arrives in a user’s inbox and suggests that their account at some bank or other, or eBay or PayPal, has been breached, or is up for renewal or otherwise needs to be validated. By clicking on the link in the email, the user is taken to the criminal’s own website instead of the genuine login page.

The user then enters their username and password, which the criminal uses to break into the user’s account, either to steal money directly or for other purposes – if it’s an eBay account, it may be used to set up fake auctions or to place fake bids on the criminal seller’s own auctions, for instance. Similarly, conventional spam emails usually offer dubious health treatments, super-cheap watches and get-rich-quick schemes.

What these have in common is that both sets of emails are being distributed by botnets, collections of computers (known as ‘bots’, short for robots) under the control of a criminal.

The old way to send spam
Before the days of botnets, spammers would send email from their own computers, or using services that would send out millions of emails at a time for them. But anti-spam techniques improved and could detect and filter all the emails coming from a single PC.

Spam and phishing are volume businesses – they depend on sending out millions (or even billions) of messages in the hope that a tiny percentage of recipients will click on them. If you are sending enough emails, even that tiny percentage is worth big money.

What spammers needed was a way to distribute very large numbers of emails that were impossible to trace to a single source. The solution was provided by unscrupulous programmers, hired by organised criminals to create viruses.

Instead of creating a virus that steals information, the new type of virus installs a piece of code that instructs an infected computer to churn out thousands of emails. Because the computers are distributed across the world, the resulting emails are harder to identify as a single spam attack.

How does it work?
To begin with, the operator (the ‘bot master’ or ‘herder’) will send out emails containing viruses to a large group of people – this itself may be done by a botnet.

Users who open the email attachments and run them will have their computers taken over, but there may not be any signs that this has happened.

Unlike with other malicious software, there may be no reason to think that your computer is being used for malicious acts, other than a slowing down of internet speed, or general computer speed. However, both of those are common even on uninfected computers so it’s not easy to judge.

Once the computer is infected with the ‘bot’, it will connect to the bot master’s computer somewhere on the internet. When a spammer or criminal wants to use the botnet they will pay to hire it for a set period.

For as long as the spammer continues to pay, the bot master will instruct all the computers in the botnet to continue sending out spam. The authorities are on the case, as are technology and security companies.

Microsoft-coordinated raids by US Marshals in March saw the end of the Rustock botnet, which controlled up to two million computers and was sending up to 30 billion emails a day. At its most potent in 2010 it was responsible for nearly two-thirds of all spam sent.

Our verdict
The way to stay safe online is the same as ever: first, treat email attachments with suspicion, even if they appear to come from friends, and don’t click on links in email unless you know for sure that they are legitimate.

Ensure your security or anti-virus program is up to date, working properly and running regular scans.

Use the latest release version of your web browser and make sure Windows (or whatever operating system you are using) has all the latest updates installed.
