Applies to:
Kaspersky Internet Security 2010
Kaspersky Anti-Virus 2010

A bot (short for "robot") is a secretly installed program that automatically and/or on a schedule performs actions using the resources of an infected computer. A malicious bot installed on a zombie computer is usually connected to a control center. The bot receives commands from the center, runs them and sends back the results of its work. Control centers can manage hundreds of bots and can also be combined into more complex network structures, creating botnets (bot networks).
Bots and botnets can perform the following malicious actions:
- organize mass spam delivery
- participate in DoS and DDoS attacks (creating conditions under which users are denied access to the provided system resources or their access is hampered)
- participate in brute-force attacks (using special Trojan programs to crack, by trial and error, the passwords needed to break into a system)
- download malicious executable code from the command center and run it
Signature analysis is the basic technology Kaspersky Lab products use to detect and fight bots. At present, all known bots are added to the Kaspersky Lab signature database. When a known bot with a corresponding signature is detected on the computer, it is blocked. A wide range of other technologies is used to fight unknown bots and bots that use various methods to hide their presence in the system.
A bot may exploit vulnerabilities in the OS and in installed applications to penetrate a computer. The most dangerous are vulnerabilities in network applications, through which bots can attack computers remotely. Bot attempts to penetrate a computer are screened by Kaspersky Lab components: Firewall and a special vulnerability scan wizard, which detects vulnerabilities in the system.
If a bot still manages to penetrate the system, it is blocked by Application Control. This component calculates a security rating for each application launched in the system. The security rating is based on several criteria of the application's behavior. Thus, Application Control can detect and block even unknown threats (including bots).
To hide their presence on the computer, bots often use complex rootkit methods. A considerable share of the bots that use rootkit methods can be detected by special anti-rootkit technologies.
Another technology that can prevent malicious actions by bots is constantly updated “black” lists of URLs. Bots usually download their components and receive control commands through special URLs, so by blocking access to such addresses Kaspersky Lab products hamper the malicious impact of bots.
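The following added example (not Kaspersky Lab code, and not a description of how its products implement the feature) shows how a URL blacklist can be applied to outbound requests so that trivial variations of a listed address still match. The blacklist entries, the log format and the function names are assumptions constructed for illustration, using reserved example domains.

```python
from urllib.parse import urlsplit, unquote

# Constructed blacklist (reserved example domains, not real indicators).
# "host" blocks the host and its subdomains; "host/prefix" blocks only that path.
BLOCKLIST = ["c2.example.net", "cdn.example.org/updates/"]

# Constructed proxy log: timestamp, client IP, method, URL.
LOG = """\
2010-03-01T10:00:01 10.0.0.5 GET http://www.example.com/index.html
2010-03-01T10:00:07 10.0.0.9 GET HTTP://C2.Example.NET.:8080/gate.php?id=7
2010-03-01T10:00:09 10.0.0.9 GET http://cdn.example.org/%75pdates/payload.bin
2010-03-01T10:00:12 10.0.0.5 GET http://cdn.example.org/images/logo.png
2010-03-01T10:00:15 10.0.0.7 GET http://notc2.example.net/
"""

def normalize(url):
    """Canonical (host, path): lowercase host, no port or trailing dot, decoded path."""
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    return host, unquote(parts.path) or "/"

def build_index(entries):
    """Map each blacklisted host to the list of path prefixes blocked on it."""
    index = {}
    for entry in entries:
        host, prefix = normalize(entry)
        index.setdefault(host, []).append(prefix)
    return index

def is_blocked(url, index):
    host, path = normalize(url)
    labels = host.split(".")
    # Try the host itself, then each parent domain (never the bare TLD),
    # so matching respects label boundaries instead of substrings.
    for i in range(max(len(labels) - 1, 1)):
        prefixes = index.get(".".join(labels[i:]), [])
        if any(path.startswith(p) for p in prefixes):
            return True
    return False

def blocked_requests(log_text, index):
    """Return (client, url) for every log line whose URL is blacklisted."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and is_blocked(fields[3], index):
            hits.append((fields[1], fields[3]))
    return hits

if __name__ == "__main__":
    for client, url in blocked_requests(LOG, build_index(BLOCKLIST)):
        print(client, url)
```

The same client appearing repeatedly in the result is a useful signal that a machine may be infected and should be examined.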
All these technologies – the vulnerability scan wizard, Application Control, anti-rootkit technologies and “black” lists of URLs – securely protect your computer from the impact of bots and botnets.