Online criminals threaten consumer and business data, and the entire Internet. Bots, botnets, and zombies present a significant threat because criminals can use them to launch large-scale attacks by using many computers.

A bot is a software robot that can be controlled remotely. It infects a computer without the knowledge of the computer user through a virus or worm that carries a Trojan program. Criminals who send out the bots typically use them to infect large numbers of computers, known as zombies, to create a network. These networks are referred to as botnets, and those who create them are known as botherders.

Botherders rent their botnets to people who send large volumes of spam. Phishers use botnets to send phishing e-mail messages, which are used to steal personally identifiable information (PII); most bots can find data such as bank account information already stored on the target computers, or zombies. A botherder can use a keystroke logger to monitor everything an unknowing user does on a computer that is hosting a bot.

Botnets also threaten Internet service and other infrastructure providers because they have the capacity to use large amounts of bandwidth, and they can be used for denial-of-service attacks. Botnets can also be used to spread malware, install spyware, or engage in advertising click fraud, in which bots click links to generate revenue or create cost for a competitor.

The Microsoft approach to botnets is both deep and broad. It includes developing innovative technologies, as well as providing advice for businesses and home computer users, collaborating closely with law enforcement and public policy makers, and collaborating with key industry and business organizations such as the International Botnet Task Force, the Anti-Spyware Coalition, and the Authentication and Online Trust Alliance (AOTA).

Innovative Technologies Combat Botnets

Microsoft offers other innovative technologies to combat the botnet threat:

• Windows Vista. A number of significant security advances in Windows Vista make it much more difficult for a botherder to infect and gain control of a computer running the operating system. These defenses include User Account Control and Internet Explorer 7 Protected Mode.
• Sender ID. Bots often propagate spam, and Sender ID detects and blocks more than 25 million illegitimate e-mail messages every day. Microsoft has deployed Sender ID in all of its e-mail solutions, including Microsoft Exchange Server 2003, Microsoft Exchange Server 2007, and Windows Live Hotmail.
• Microsoft Phishing Filter. Microsoft Internet Explorer 7 and Windows Vista also offer protection through the Microsoft Phishing Filter, which can detect and block suspicious Web addresses and Web pages.
• Microsoft Windows Defender and the Microsoft Windows Malicious Software Removal Tool. Windows Defender protects personal computers against spyware. The Malicious Software Removal Tool checks computers for infections by specific malware and cleans any infections. Both of these tools are included with Windows Vista and can be downloaded for free to computers that are running Microsoft Windows XP SP2. Microsoft updates these tools regularly, sometimes even daily.

The First Line of Defense

The best defense is to help secure computers so that they do not become infected by a bot and become a zombie in a botnet. Microsoft recommends the following measures:

• Install an Internet firewall, such as Windows Firewall (included with Microsoft Windows XP and Windows Vista), and turn it on.
• Keep all software on your computer up to date, including Windows, Microsoft Office, and antivirus and antispyware programs.
• Install reputable antivirus and antispyware products. To keep ahead of constantly changing bot codes, run them regularly and update them daily.
• Install and run products such as Windows Live OneCare (for home systems) and Microsoft Forefront (for the enterprise) to detect and clean malware, including spyware and adware.