Macos Botnet Zombie Check Software Check
- Jul 01, 2014 A “bot,” short for “robot,” is a type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. The compromised machine may also be referred to as a “zombie.” A collection of these infected computers is known as a “botnet.”
- More than 600,000 Macs infected with Flashback botnet. Russian antivirus company says half the computers infected with malware designed to steal personal information are in the U.S.
A botnet is a network of hacked computers that are infected by malware and can be controlled by the botnet owner without the computer owners’ knowledge. The bots can be used to launch DDoS attacks that take a website offline, send spam messages, drive fake traffic, click advertisements and much more, depending on the creativity of the botnet owner. Normally the user won’t even notice that their computer is a zombie bot under someone else’s control, because the malware is programmed to stay on the machine as long as possible: it evades known antivirus and firewall software and does not damage or change any part of the operating system in a way that might attract the owner’s attention.
Some of the ways an Internet user can get infected by malware that turns their computer into a zombie bot are downloading unknown files, visiting hacked websites and blindly opening email attachments. Most of the time the owner of a computer infected by bot malware will not notice anything suspicious, because the bot is very light on the system apart from using Internet bandwidth. Some bots can even run an invisible speed test to determine the full connection speed so that they use only half of the bandwidth and avoid arousing the owner’s suspicion.
Detecting bot infections with antivirus and firewall software is ineffective because the bots are normally made fully undetected through obfuscation before they are spread. A more effective way to detect a bot infection is to analyze the computer’s behavior, and here are 6 tools that do that.
1. DE-Cleaner powered by Avira
DE-Cleaner is a free service initiated by the Association of the German Internet Industry to raise users’ awareness that their computers may be part of a botnet. The official website contains information explaining botnets, how you get infected and so on. Two well-known security companies that make some of the most popular antivirus software, Avira and Kaspersky, have participated in this project, offering free scanner tools to detect and remove malicious software including bot malware.
The Avira DE-Cleaner installer requires an Internet connection to download the program and the latest pattern files. Take note that the graphical user interface is only in German, but it can be used easily by clicking two buttons. It is possible to copy Avira DE-Cleaner to an external USB drive for portable use by clicking the “Auf USB-gerät kopieren” option located at the top of the program window.
A botnet may be remotely controlled by the creators of the malware that drives it (hence the 'zombie' appellation) or it may be rented out by spammers or other persons of ill will.
2. DE-Cleaner powered by Kaspersky
DE-Cleaner powered by Kaspersky is actually the same as Kaspersky Virus Removal Tool, also known simply as AVPTool, with a German language interface. Unlike Avira DE-Cleaner, Kaspersky DE-Cleaner doesn’t have an online update, so you’ll have to download the latest version from their website if you need an up-to-date version.
Unfortunately Kaspersky DE-Cleaner is based on the previous version of Kaspersky Virus Removal Tool, version 10, while the current build with an English interface is already at version 11 and can be downloaded from Kaspersky’s official website.
3. RuBotted
RuBotted is a free bot infection monitoring tool created by Trend Micro that is very easy to use, with zero configuration or knowledge required. Simply download and install it, then allow the program to run automatically at Windows startup; it will sit quietly in the notification area monitoring your Windows system.
When an infection is found, RuBotted uses another of Trend Micro’s free tools, HouseCall, to clean up the bot malware. Other than monitoring files for suspicious bot-like behavior, RuBotted also works with their cloud-based technology called Smart Protection Network to further detect both known and unknown botnets. One downside of RuBotted is that it was last updated at the end of 2010 and is still labelled as beta.
4. Mirage Anti-Bot
Mirage Anti-Bot was created by Jean-Pierre LESUEUR, the founder of Phrozen Software and also the creator of DarkComet RAT. Basically, Mirage Anti-Bot uses the Windows HOSTS file to prevent you from connecting to known command and control servers. The list of known bad URLs is downloaded from abuse.ch, which tracks ZeuS, SpyEye and Palevo C&C servers. Other than that, PhrozenSoft also has its own global database, and you can add custom hosts as well.
By default Mirage Anti-Bot will automatically update the block list, but you can also manually force an update check by clicking the Update button. One potential problem with Mirage Anti-Bot is that it doesn’t back up the original HOSTS file before adding a bunch of hosts to it, and there is no option to restore the original HOSTS file.
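The backup and restore gap described above can be closed by keeping blocked names in a marked section of the HOSTS file. The following is an added example, not code from Mirage Anti-Bot or from the original article; the section markers, the `.orig` backup name and the sample host names are assumptions made for illustration.

```python
import re
import shutil
import tempfile
from pathlib import Path

BEGIN = "# BEGIN c2-blocklist (managed section)"   # hypothetical markers
END = "# END c2-blocklist"
LABEL = r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
HOSTNAME = re.compile(rf"{LABEL}(\.{LABEL})+")      # at least two labels

def strip_managed(hosts_text):
    """Return the HOSTS text without the managed section; other lines untouched."""
    kept, inside = [], False
    for line in hosts_text.splitlines():
        if line.strip() in (BEGIN, END):
            inside = line.strip() == BEGIN
        elif not inside:
            kept.append(line)
    return "\n".join(kept).rstrip("\n") + "\n"

def apply_blocklist(hosts_text, domains):
    """Replace the managed section with one sink entry per valid host name."""
    names = set()
    for d in domains:                    # the downloaded feed is untrusted input
        n = d.strip().lower().rstrip(".")
        if HOSTNAME.fullmatch(n):        # rejects spaces, newlines, bare 'localhost'
            names.add(n)
    block = [BEGIN] + [f"0.0.0.0 {n}" for n in sorted(names)] + [END]
    return strip_managed(hosts_text) + "\n".join(block) + "\n"

def update_hosts_file(path, domains):
    """Back up the file once, then rewrite it with the current blocklist."""
    backup = path.with_name(path.name + ".orig")
    if not backup.exists():              # never overwrite the pristine copy
        shutil.copy2(path, backup)
    path.write_text(apply_blocklist(path.read_text(), domains))
    return backup

# Constructed sample data: a small HOSTS file and made-up C&C host names.
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.5 intranet.example\n"
SAMPLE_FEED = ["c2.example.net", "Panel.Example.org.", "bad entry.example", "localhost"]

def demo():
    """Run one update against a temporary copy; return (backup text, new text)."""
    with tempfile.TemporaryDirectory() as tmp:
        hosts = Path(tmp) / "hosts"
        hosts.write_text(SAMPLE_HOSTS)
        backup = update_hosts_file(hosts, SAMPLE_FEED)
        return backup.read_text(), hosts.read_text()
```

Because every update replaces only the text between the two markers, `strip_managed` returns the file to its original entries at any time, and the `.orig` copy remains as a second way back.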
5. Bot Revolt
Bot Revolt claims to be anti-botnet consumer software that protects your computer from viruses, bots and hackers. After testing, we found that Bot Revolt merely does the exact same thing as PeerBlock, which is blocking known bad IP addresses according to categories such as governments, corporations, anti-P2P machines and countries. Its IP address lists are compiled from a few sources such as spamcop, i-blocklist, spamhaus and blocklistpro, and it claims to block over 1 billion IP addresses. IPv4 only has a total of 4.3 billion addresses, which means Bot Revolt has already blocked 23% of it…
Whenever your computer receives a packet, Bot Revolt checks the source of the incoming packet against its blocklist and automatically allows or blocks the packet depending on the configuration. Bot Revolt is shareware that costs $47 per year, and the downloadable demo trial version is nearly fully crippled because you can only install and run the program. All buttons are disabled and you cannot even scroll the scrollbar to check the lists of connections.
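The source-address check and the coverage arithmetic above (1 billion out of 2^32 addresses is about 23%) can be reproduced with Python's `ipaddress` module. This is an added example, not Bot Revolt's or PeerBlock's code; the two feeds are constructed sample data that overlap on purpose, to show why entries from several sources must be merged before counting.

```python
import ipaddress
from bisect import bisect_right

# Constructed sample feeds; the ranges overlap on purpose.
FEED_A = ["10.0.0.0/8", "192.0.2.0/24"]
FEED_B = ["10.1.0.0/16", "192.0.2.128/25", "198.51.100.0/24"]

def raw_count(*feeds):
    """Addresses counted the naive way: every entry of every feed summed."""
    return sum(ipaddress.ip_network(c).num_addresses for f in feeds for c in f)

def merge_feeds(*feeds):
    """Merge all feeds into sorted, non-overlapping IPv4 networks."""
    nets = [ipaddress.ip_network(c) for f in feeds for c in f]
    return list(ipaddress.collapse_addresses(nets))

def coverage(blocklist):
    """Share of the 2**32 IPv4 addresses that the merged list blocks."""
    return sum(n.num_addresses for n in blocklist) / 2**32

def make_filter(blocklist):
    """Return a function that decides 'block' or 'allow' for a source address."""
    starts = [int(n.network_address) for n in blocklist]
    ends = [int(n.broadcast_address) for n in blocklist]

    def verdict(source_ip):
        ip = int(ipaddress.ip_address(source_ip))
        i = bisect_right(starts, ip) - 1      # last range starting at or before ip
        return "block" if i >= 0 and ip <= ends[i] else "allow"
    return verdict

if __name__ == "__main__":
    merged = merge_feeds(FEED_A, FEED_B)
    unique = sum(n.num_addresses for n in merged)
    print(raw_count(FEED_A, FEED_B), "listed,", unique, "unique")
    print(f"coverage of IPv4: {coverage(merged):.4%}")
    check = make_filter(merged)
    for src in ("10.200.3.4", "198.51.100.77", "203.0.113.9"):
        print(src, check(src))
```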
6. Norton Power Eraser
Norton Power Eraser used to be part of DE-Cleaner but has been withdrawn for some unknown reason. Unlike antivirus software, Norton Power Eraser uses aggressive methods to detect rootkits, bots and scamware, which can also result in you being advised to remove legitimate programs.
Running the program will automatically check for an updated version and download it if one is available. At the main window, the Scan for Risks button will only run after a restart. Clicking on Advanced allows you to run 3 different types of scan: reputation scan, system scan and multi-boot scan. Norton has always relied heavily on its reputation system scan, whereby an unknown or less popular application will automatically get flagged as suspicious.
Stupid hooled MS OS the root of all problems !!! Nothing changes for the best but problems are more and bigger ! When would MS go broke due crappy OS ???
Hi Raymond,
informative article. thank you. Maybe your readers are interested in our online solution virustracker.net/ where you can check any IP or CIDR for malware infections. If you could add our tool to your list it would be awesome.
thanks for the article, it has been very useful in my Infosec module at school
thanks,…very useful article
Thanks Raymond – very helpful indeed for peace of mind.
you are sharing nice articles. Thank you very much.
sounds interesting..thanks raymond..love the site..keep up the good work..and thanks for this software..
thanks
thanks Sir Raymond …Great help for me especially for my Pc security project …Great Article !
Just wanted you to know that I enjoy your blog and the wealth of great information it provides. You are doing a great job
thank you very much, I’m downloading it now.
You have probably heard terms such as “bots,” “zombies,” and “botnets” in recent news stories about data breaches and other cyber security risks. But what exactly are they, how do they work, and what damage can they cause?
A “bot,” short for “robot,” is a type of software application or script that performs tasks on command, allowing an attacker to take complete control remotely of an affected computer. The compromised machine may also be referred to as a “zombie.” A collection of these infected computers is known as a “botnet.”
Hundreds of millions of computers worldwide are infected with bots and under the control of hackers (i.e., part of a botnet). The owners of these computers typically do not experience any signs that the machine is infected and continue to use it, unaware they are being controlled remotely by a cyber criminal. In fact, the infected machine could be sending multiple spam emails, including to all contacts in the computer, making it appear to the recipient that the email is legitimate and from someone they know.
A botnet that has recently been in the news is the Gameover Zeus Botnet, which allows the cyber criminals to retrieve banking passwords from the infected machines, or use the botnet to infect more computers. This botnet was responsible for nearly one million infections worldwide since its first attack in September 2011.[i] In June 2014, U.S. and international law enforcement seized control of the botnet, and are working with Internet service providers (ISP) to notify impacted victims.
How and Why Do Cyber Criminals Use Botnets?
- The value of bots and botnets to criminals comes from aggregating massive numbers of computers they can control simultaneously to perform malicious activities.
- Cyber criminals may use the botnets to send spam, phishing emails, or other scams to trick consumers into giving up their financial information.
- Cyber criminals may also collect information from the bot-infected machines and use it to steal identities, incurring loans and purchase charges under the user’s name.
- Cyber criminals may use botnets to create denial-of-service (DoS) attacks that flood a legitimate service or network with a crushing volume of traffic. The volume may severely slow down, or even shut down, the organization’s business operations. Revenue from DoS attacks comes through extortion and leasing botnets. The criminals will rent botnets to groups interested in inflicting damage to another entity. The “renters” will use the botnet for sending spam and phishing emails or attacking legitimate websites and networks. These groups include “hacktivists” (hackers with political agendas) as well as foreign military and intelligence organizations.
It only takes moments for an unprotected, Internet-connected computer to be infected with malicious software and turned into a bot. Every user should have up-to-date security software on all their devices.
The best protection is to set your anti-virus and anti-spyware programs to automatically update, and to automatically install every patch made available for your operating system and browser.
Do not click on links in unsolicited emails.
Do not click on links from your friends and family if they are not using updated security measures. They may unknowingly transmit an infection on their machine to yours.
While there is no single action that will protect you from all of the cyber risks, by implementing these foundational best practices, you can greatly reduce the likelihood that your computer will be caught in the next botnet.
Sources and References