Eavesdropping on Computer Bots


“I have two machines here running in an isolated network. I infect one with the malware, and I have the other machine pretending to be the entire Internet,” he explained.

The second machine, known as a sandnet, is a custom-made tool for analyzing malware in an environment that is isolated, yet provides a virtual Internet for the malware to interact with.

“I can sit back and see all the interaction up to point where it [the infected machine] joins botnet’s control channel. Then I can take that information, go outside and replicate it. I can see what the real server is doing to get an entire picture of the operation,” Stewart said.

The scary part of this experiment:

“The lesson here is once you get infected, you are completely under the control of the botmaster. He can put whatever he wants on your machine, and there’s no way to be 100 percent sure that the machine is clean,” Stewart said in an interview with eWEEK.

What’s the solution? Wiping your hard drive clean and starting all over again with a clean installation.

Let that be a lesson — scan for malware/spyware on a regular basis. Even that is not a 100% guarantee of safety but it’s better than the alternative. Check out this earlier post on avoiding spyware/malware/viruses for directions on how to proceed.

Here's A Few More Related Posts:
  1. Malicious-software spreaders get sneakier, more prevalent

No Responses to “Eavesdropping on Computer Bots”  

  1. No Comments

Leave a Reply