How Can I Tell If My Computer Is Part of a Botnet?

How Can I Tell If My Computer Is Part of a Botnet? 491

Posted by timothy on Thursday August 06, 2009 @04:59PM from the check-if-you-are-running-windows dept.

ashraya writes "My father (not too computer literate) has a desktop and a laptop both running Windows in his network back in Hyderabad, India. I set up a Linksys router for him to use with his broadband service. For some reason, he reset the config on the Linksys, and connected it up without wireless security, and also with the default admin password for some time. As you would expect, both of the Windows computers got 'slow,' and the desktop stopped connecting to the internet completely for some reason. As I logged in remotely to 'fix' things, I noticed on the Linksys' log that the laptop was making seemingly random connections to high-numbered ports on various IPs. I did an nslookup on the IPs to see that they were all either in Canada or US, with Comcast and other ISP addresses. Is that a sign that the computers were in a botnet? Are the other hosts part of the botnet too? (I have since rebuilt the Windows hosts, and these connections are not happening now. I have also secured the Linksys.)"

How Can I Tell If My Computer Is Part of a Botnet?

This discussion has been archived. No new comments can be posted.

Search 491 Comments Log In/Create an Account

Comments Filter:

No (Score:5, Funny)

by WindBourne ( 631190 ) writes: on Thursday August 06, 2009 @05:11PM (#28978919) Journal

What it really means is that your dad is a part of an international crime ring and he really is a cracker, without your knowledge. He just felt that you did not have a clue so allowed you to play with his computer.

Re:Well the only fool proof way... (Score:5, Funny)

by iamhigh ( 1252742 ) writes: on Thursday August 06, 2009 @05:15PM (#28978965)

Well the only fool proof way
If that sentence doesn't end with "from orbit" and have "nuke it" in there somewhere it just isn't true!

Doesn't work (Score:1, Funny)

by Anonymous Coward writes: on Thursday August 06, 2009 @05:19PM (#28979025)

Doesn't work in XP.
C> netstat -a | find "LISTENING" [ENTER]
Response: NETSTAT is not not recognized as an internal or external command,operable program or batch file.

Re:Well the only fool proof way... (Score:5, Funny)

by Anonymous Coward writes: on Thursday August 06, 2009 @05:31PM (#28979181)

Did you know that both wireshark and tcpdump use libpcap? Wireshark has a pretty GUI, tcpdump is the command line version.
Perhaps it would help if I explained that in video format.
Captcha was "obvious", this is unnerving.

You can tell if.. (Score:4, Funny)

by papasui ( 567265 ) writes: on Thursday August 06, 2009 @05:32PM (#28979195) Homepage

It makes remarks about wanting to try other operating software. It's unusually concerned about antivirus protection. Plug and Play only works with force-feedback devices. It makes unusually long "hand-shakes" with the email server. It accuses you of installing spyware. It asks you to run your network scans in promiscuous mode. It tells you that it's mainframe never liked you.

Re:Assume it is .. (Score:2, Funny)

by Anonymous Coward writes: on Thursday August 06, 2009 @05:37PM (#28979255)

and show them how to login as their normal username and use "run-as".
Awwww, how cute! He's trying to teach a user something!
Let's watch...

Dear Slashdot (Score:2, Funny)

by $RANDOMLUSER ( 804576 ) writes: on Thursday August 06, 2009 @05:43PM (#28979321)

While my father was cleaning his gun, he loaded it and emptied the clip into his foot. He then reloaded and pumped another four slugs into the same foot. So I was wondering, does any one know where I can get a good deal on Band-Aids? Thanks.

Re:See what is going on with NETSTAT (Score:5, Funny)

by mkramer ( 25004 ) writes: on Thursday August 06, 2009 @05:45PM (#28979357)

This is windows. find == grep. Well, find < grep.

Re:Well the only fool proof way... (Score:5, Funny)

by taskiss ( 94652 ) writes: on Thursday August 06, 2009 @05:47PM (#28979387)

Is a father computer anything like a mother board?

Re:Proof of Infection? Clean Reinstall (Score:2, Funny)

by Anonymous Coward writes: on Thursday August 06, 2009 @05:50PM (#28979413)

For a suspicion? Good luck with that.

Oh, the irony... (Score:5, Funny)

by jafiwam ( 310805 ) writes: on Thursday August 06, 2009 @06:06PM (#28979589) Homepage Journal

Slashdot is doing tech-support for India now?

Some chick named Alanis is calling you subby.

OS Check! (Score:5, Funny)

by dandart ( 1274360 ) writes: on Thursday August 06, 2009 @06:07PM (#28979599)

Q: How do I tell if my computer is part of a botnet?
A: If it's got Windows on it, it is.

Simple check (Score:2, Funny)

by mrsbrisby ( 60242 ) writes: on Thursday August 06, 2009 @06:09PM (#28979637) Homepage

Is it running windows?

He's Lying (Score:2, Funny)

by Shadow7789 ( 1000101 ) writes: on Thursday August 06, 2009 @06:42PM (#28979959)

Sounds like Dad, if that's even his real name, knows more about computers than he is pretending to.

He is clearly torrenting, and your best course of action would be to report his nefarious actions to the authorities.

Not hard... (Score:2, Funny)

by WheelDweller ( 108946 ) writes: <`moc.liamg' `ta' `rellewDleehW'> on Thursday August 06, 2009 @06:59PM (#28980155)

It comes with a logo; looks like a window. :)

Re:Check network connections (Score:3, Funny)

by dotgain ( 630123 ) writes: on Thursday August 06, 2009 @07:07PM (#28980243) Homepage Journal

... and now imagine I chose 'Plain text'
c:\>netstat -b
Your computer is fine.
c:\>
Sweet!

Re:Well the only fool proof way... (Score:4, Funny)

by SCPRedMage ( 838040 ) writes: on Thursday August 06, 2009 @07:08PM (#28980269)

And he totally isn't being paid to refer you!

Because, I mean, he only gets paid when he's SUBTLE.

Re:Well the only fool proof way... (Score:3, Funny)

by hymie! ( 95907 ) writes: on Thursday August 06, 2009 @07:14PM (#28980335)

A horse is a horse,
Of course! Of course!

Re:Assume it is .. (Score:1, Funny)

by Anonymous Coward writes: on Thursday August 06, 2009 @09:55PM (#28981675)

what are you talking about? OSX has a dated Unix command line. All you have to do is type [apple]-[space] term [enter]. You can even make it a little better by typing bash [enter] after that.

Re:Well the only fool proof way... (Score:5, Funny)

by u38cg ( 607297 ) writes: <calum@callingthetune.co.uk> on Friday August 07, 2009 @03:24AM (#28983285) Homepage
My foolproof method:
1. Is it running Windows?
2. Is it connected to the Internet?
If the answer to both your questions is "Yes", then you are most likely part of a botnet. This advice is free of charge.
Re:Well the only fool proof way... (Score:4, Funny)

by selven ( 1556643 ) writes: on Friday August 07, 2009 @06:21AM (#28984111)

Mod parent up.

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

How Can I Tell If My Computer Is Part of a Botnet? 491

How Can I Tell If My Computer Is Part of a Botnet? More Login

How Can I Tell If My Computer Is Part of a Botnet?

No (Score:5, Funny)

Re:Well the only fool proof way... (Score:5, Funny)

Doesn't work (Score:1, Funny)

Re:Well the only fool proof way... (Score:5, Funny)

You can tell if.. (Score:4, Funny)

Re:Assume it is .. (Score:2, Funny)

Dear Slashdot (Score:2, Funny)

Re:See what is going on with NETSTAT (Score:5, Funny)

Re:Well the only fool proof way... (Score:5, Funny)

Re:Proof of Infection? Clean Reinstall (Score:2, Funny)

Oh, the irony... (Score:5, Funny)

OS Check! (Score:5, Funny)

Simple check (Score:2, Funny)

He's Lying (Score:2, Funny)

Not hard... (Score:2, Funny)

Re:Check network connections (Score:3, Funny)

Re:Well the only fool proof way... (Score:4, Funny)

Re:Well the only fool proof way... (Score:3, Funny)

Re:Assume it is .. (Score:1, Funny)

Re:Well the only fool proof way... (Score:5, Funny)

Re:Well the only fool proof way... (Score:4, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot