ITS

Information Technology Services

Botnets

What is a botnet?

A botnet is a group of internet-connected computers that contain software designed to forward transmissions to other computers on the internet. These transmissions could include, but are not limited to, spam and/or viruses. In many cases, the owners of these computers are unaware that their computer is part of a botnet. Their computers have been compromised by a small program that has been hidden within an innocent-looking email attachment or a free program, like a game or an app. Once on the device, the program can execute whatever task it was designed to carry out. The botnet could contain hundreds of thousands of computers.   

Each computer within the botnet is called a bot or zombie. The bot is controlled by a "bot-herder" or operator that could be located anywhere in the world. The bot-herder can send a command to a single bot or to the entire botnet, and every computer that receives the command will perform the specified task. An example of a task could be a cyberattack where a particular website gets flooded with so much traffic that the site cannot function as normal and is effectively shut down. This is called a denial-of-service attack. Other common tasks performed by botnets are sending spam email and stealing information.

An important way to protect yourself against bots and other types of malware is to use anti-malware software designed to prevent, detect and remove malicious programming on your computer.

Is Queen's at risk?

Yes. All organizations are at risk of botnets.

Universities are at greater risk of botnets because their networks are designed to promote collaboration and innovation, but this approach also allows the dysfunctional aspects of the internet to collaborate.

According to a report from Russia-based Kaspersky Lab, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet.

How do botnets get inside?

  • Surfing a harmful website that exploits a vulnerability in a user's computer
  • Opening a malicious attachment in an email
  • Clicking on a harmful link in an email
  • As a payload from another malware infection
  • A botnet can also exploit a vulnerability in another computer on the same network

What will Queen's ITS do?

Prevent

  • Disable unnecessary services and ports on hosts
  • Patch vulnerabilities
  • Secure the "border" and host including access control
  • Enforce complex passwords and multi-factor authentication
  • Raise awareness, provide training

Detect

  • Active malware scanning
  • Log security events on hosts as well as analyze and correlate events
  • Continuous network and intruder monitoring
  • External threat analysis
  • Observe and report suspicious activity

Respond

  • Shut down command and control communications
  • Isolate infected host or subnet
  • Automate intrusion response
  • Re-image and patch the host; clean malware and patch vulnerabilities
  • Change passwords

What should users do?

Prevent

  • Apply operating system, browser and software updates as they become available
  • Never save your password in a browser or application
  • Don't use the Administrator account for your everyday activities
  • Check your browser's security levels
  • Protect your personal information
  • Back up important files regularly to remote services like OneDrive for Business, QShare or Windows File Service
  • Take the Information Security Awareness Training course

Detect

  • Use antivirus software and scan your computer regularly
  • Be aware of phishing attempts to gain access to your personal and/or financial information
  • Don't allow software to download to your computer without your permission

Respond

  • Contact ITS with any concerns - even if you are unsure if they are phishing attempts
  • Choose strong passwords and don't share them with anyone
  • Report any problems with your computer to ITS - these problems could be indicative of a compromised system
  • Report phishing attempts or suspicious email to abuse@queensu.ca
  • Use the "send as attachment" feature of your email client to send a copy of suspicious email to abuse@queensu.ca

 

Last updated: June 2016