"Botnet" is not a verb, but it should be. As a noun, it refers to a group of computers (called zombies) that have been compromised by worms, Trojan horses or some other type of backdoor software and are secretly being used by a controller, called a bot herder or a botmaster.
An article by Danny Bradbury in Backbone's March/April issue illustrates how vulnerable computers are: "Computers can be joined to a botnet simply by visiting a Web site, and staying away from sites offering porn and pirated software won't help. Last summer, thousands of mainstream Web sites were hacked and made to surreptitiously point to a server hosting a malware kit called MPACK. Machines visiting the legitimate sites consequently touched the MPACK software, which scanned for vulnerabilities and infected them, dragging them down into the botnet.
"Thousands of visitors are still blissfully unaware that their PCs are listening for instructions from the botmaster — the person responsible for remotely controlling hundreds of thousands of computers. The botmaster can instruct infected PCs to do almost anything, including sending back a log of all the user's keystrokes, hosting illegal porn and sending out more spam using lists of e-mail addresses sent by the botmaster. When criminals began realizing how profitable botnets could be, they were quick to exploit them. Spammers pay botmasters to send e-mails by the millions through these illicit networks. They have also been used for distributed denial of service (DDoS) attacks, in which tens of thousands of infected PCs are told to send packets of data to a particular Internet address, flooding Web servers with traffic and shutting them down."
And then the situation got even worse in early 2007 when the Storm worm appeared: "Instead of using an IRC server, it employed the same peer-to-peer tactics used by file sharing software such as the old Napster. Instead of taking commands from a central server, PCs infected with the Storm worm relayed instructions to each other, creating a global matrix of infected machines with no single 'head' to decapitate. It also obfuscated its activities using encryption, which makes it theoretically impossible for researchers and law enforcement to understand what the botnet is doing."
So clearly botnets are so active that the term should also have a verb form: to be botnetted. But it doesn't have to be this way; in fact, according to three security software vendors, if your computer has been botnetted it's entirely your fault.
Now it has to be said up front that security vendors have an incentive to say their software protects computers, but even so their responses were definite: as long as both Windows and the security software are kept up to date, there is no chance a PC can become infected.
Lynn Hargrove, director of consumer solutions at Symantec (Canada), said the company's Norton 360 or Norton Internet Security along with its new Norton AntiBot "provides the most effective security solution available against known and unknown forms of malware—including botnets." McAfee's Avert Labs' Security Research and Communications manager Dave Marcus also said users of its software would be protected. For both, the message is simple: install software, keep it updated and you're safe. And if a PC is already infected, both products claim they can clean out the botnet code.
The message is slightly different from Websense, which makes content filtering and data leakage prevention software, in that the company does not provide firewall or anti-virus technology and cannot clean infected systems. Instead, Websense works with products like those from McAfee or Symantec and adds an extra layer of protection that prevents users from accessing dangerous sites in the first place. Fiaaz Walji, Websense country manager for Canada, said a clean PC with Websense, anti-virus and firewall software installed and up to date is absolutely safe from botnet infection.
So the message is clear: if your PC is infected by a botnet, and if therefore your banking information and passwords are stolen and your computer slows to a crawl, it's your fault.
Go out and get some good protection.
Peter Wolchak
Posted April 25, 2008. Categories: Security