Botnet Detection and Cleanup
Botnets are one of the major security threats today. If our devices are part of a botnet, they are controlled by attackers and made to participate in illegal activities; with a botnet, attackers can launch sophisticated and destructive attacks that result in wider information leaks and serious service unavailability.
As we rely heavily on computers and the Internet, damage to data and services can seriously affect our assets and daily life.
Literally, "botnet" means "a network of bots". "Bot" is short for "robot", meaning a device controlled by someone called the "bot herder". A device becomes part of a botnet when "bot software" is installed on it through a malware infection. The herder can make the bot do anything by issuing commands via a command and control (C&C or C2) server. A botnet can contain hundreds to millions of devices, including PCs, Macs, Linux servers, home routers, smartphones, etc.
The combined resources of the controlled devices become a powerful tool for launching destructive or sophisticated attacks such as sending billions of spam emails, high-bandwidth DDoS, and targeted financial fraud.
How botnet works (image created by Tom-b: http://commons.wikimedia.org/wiki/File:Botnet.svg)
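Because a bot polls its C&C server for commands, the infected device usually produces outbound connections to the same destination at a nearly fixed interval, and that regularity is something a defender can look for in firewall or proxy logs. The script below is an added example written for this page; it is not HKCERT's code or tooling, and it goes beyond the text above by using interval regularity ("beaconing") as the detection heuristic. The log format, the IP addresses (RFC 5737 documentation ranges), the timestamps and the thresholds are all constructed assumptions for the example.

```python
"""Beaconing detector over constructed firewall/proxy log lines.

Added example, not code from the HKCERT page. Groups outbound connections
by (source, destination) and flags pairs whose inter-connection intervals
are almost constant, the pattern a bot polling its C&C server leaves behind.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log. Format (assumed): "<ISO timestamp> <src_ip> -> <dst_ip>:<port>"
# 192.0.2.10 contacts 203.0.113.5:443 every ~5 minutes (beacon) and
# 198.51.100.20:80 at irregular times (normal browsing); 192.0.2.11 is quiet.
SAMPLE_LOG = """\
2024-05-01T10:00:00 192.0.2.10 -> 203.0.113.5:443
2024-05-01T10:00:07 192.0.2.10 -> 198.51.100.20:80
2024-05-01T10:00:09 192.0.2.10 -> 198.51.100.20:80
2024-05-01T10:02:30 192.0.2.11 -> 198.51.100.20:80
2024-05-01T10:03:40 192.0.2.10 -> 198.51.100.20:80
2024-05-01T10:05:01 192.0.2.10 -> 203.0.113.5:443
2024-05-01T10:09:59 192.0.2.10 -> 203.0.113.5:443
2024-05-01T10:15:00 192.0.2.10 -> 203.0.113.5:443
2024-05-01T10:17:15 192.0.2.10 -> 198.51.100.20:80
2024-05-01T10:17:16 192.0.2.10 -> 198.51.100.20:80
2024-05-01T10:19:30 192.0.2.11 -> 198.51.100.20:80
2024-05-01T10:20:02 192.0.2.10 -> 203.0.113.5:443
this line is malformed and is skipped
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>[\d.]+)\s+->\s+(?P<dst>[\d.]+:\d+)$")


def parse_line(line):
    """Return (timestamp, src, dst) for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"]


def find_beacons(log_text, min_connections=4, max_cv=0.1):
    """Flag (src, dst) pairs whose connection intervals are nearly constant.

    max_cv is the largest allowed coefficient of variation (stdev / mean) of
    the intervals; a bot with a fixed sleep timer scores close to 0, while
    human-driven traffic scores far above 1. Returns a sorted list of
    (src, dst, mean_interval_seconds).
    """
    timestamps = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed:
            ts, src, dst = parsed
            timestamps[(src, dst)].append(ts)

    beacons = []
    for (src, dst), times in sorted(timestamps.items()):
        if len(times) < min_connections:
            continue  # too few samples to judge regularity
        times.sort()
        intervals = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue  # duplicate timestamps only; nothing to measure
        if pstdev(intervals) / avg <= max_cv:
            beacons.append((src, dst, round(avg, 1)))
    return beacons


if __name__ == "__main__":
    for src, dst, interval in find_beacons(SAMPLE_LOG):
        print(f"possible C&C beacon: {src} -> {dst} every ~{interval}s")
```

The thresholds are the tuning knobs: a larger `max_cv` catches bots that add jitter to their sleep timer but also raises false positives from legitimate periodic traffic (software update checks, monitoring agents), so flagged pairs are leads for the cleanup steps that follow, not verdicts on their own.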
The following instructions apply to the cleanup of a typical botnet infection on a Windows PC. You can also refer to the other cleanup tools listed on the "Security Tools" page. For specific botnets and for solutions on other platforms, please refer to the next section.
[Chart: Max no. of IP addresses detected (approx.) by operation]
Detection and Cleanup Reference
To respond to the growth of botnets in Hong Kong, HKCERT has taken the following actions in the past few years: