Slashdot Mirror


How Can I Tell If My Computer Is Part of a Botnet?

ashraya writes "My father (not too computer literate) has a desktop and a laptop both running Windows in his network back in Hyderabad, India. I set up a Linksys router for him to use with his broadband service. For some reason, he reset the config on the Linksys, and connected it up without wireless security, and also with the default admin password for some time. As you would expect, both of the Windows computers got 'slow,' and the desktop stopped connecting to the internet completely for some reason. As I logged in remotely to 'fix' things, I noticed on the Linksys' log that the laptop was making seemingly random connections to high-numbered ports on various IPs. I did an nslookup on the IPs to see that they were all either in Canada or US, with Comcast and other ISP addresses. Is that a sign that the computers were in a botnet? Are the other hosts part of the botnet too? (I have since rebuilt the Windows hosts, and these connections are not happening now. I have also secured the Linksys.)"

21 of 491 comments

  1. No by WindBourne · · Score: 4, Funny

    What it really means is that your dad is a part of an international crime ring and he really is a cracker, without your knowledge. He just felt that you did not have a clue so allowed you to play with his computer.

    --
    I prefer the "u" in honour as it seems to be missing these days.
  2. Re:Well the only fool proof way... by iamhigh · · Score: 5, Funny

    Well the only fool proof way

    If that sentence doesn't end with "from orbit" and have "nuke it" in there somewhere it just isn't true!

    --
    No comprende? Let me type that a little slower for you...
  3. Doesn't work by Anonymous Coward · · Score: 1, Funny

    Doesn't work in XP.

    C> netstat -a | find "LISTENING" [ENTER]

    Response: NETSTAT is not recognized as an internal or external command,operable program or batch file.

  4. Re:Well the only fool proof way... by Anonymous Coward · · Score: 5, Funny

    Did you know that both wireshark and tcpdump use libpcap? Wireshark has a pretty GUI, tcpdump is the command line version.

    Perhaps it would help if I explained that in video format.

    Captcha was "obvious", this is unnerving.

  5. You can tell if.. by papasui · · Score: 3, Funny

    It makes remarks about wanting to try other operating software. It's unusually concerned about antivirus protection. Plug and Play only works with force-feedback devices. It makes unusually long "hand-shakes" with the email server. It accuses you of installing spyware. It asks you to run your network scans in promiscuous mode. It tells you that its mainframe never liked you.

  6. Re:Assume it is .. by Anonymous Coward · · Score: 2, Funny

    and show them how to login as their normal username and use "run-as".

    Awwww, how cute! He's trying to teach a user something!

    Let's watch...

  7. Dear Slashdot by $RANDOMLUSER · · Score: 1, Funny

    While my father was cleaning his gun, he loaded it and emptied the clip into his foot. He then reloaded and pumped another four slugs into the same foot. So I was wondering, does anyone know where I can get a good deal on Band-Aids? Thanks.

    --
    No folly is more costly than the folly of intolerant idealism. - Winston Churchill
  8. Re:See what is going on with NETSTAT by mkramer · · Score: 5, Funny

    This is windows. find == grep. Well, find < grep.

  9. Re:Well the only fool proof way... by taskiss · · Score: 4, Funny

    Is a father computer anything like a mother board?

    --
    - real hackers don't have sigs -
  10. Re:Proof of Infection? Clean Reinstall by Anonymous Coward · · Score: 2, Funny

    For a suspicion? Good luck with that.

  11. Oh, the irony... by jafiwam · · Score: 4, Funny

    Slashdot is doing tech-support for India now?

    Some chick named Alanis is calling you subby.

  12. OS Check! by dandart · · Score: 5, Funny

    Q: How do I tell if my computer is part of a botnet?
    A: If it's got Windows on it, it is.

  13. Simple check by mrsbrisby · · Score: 1, Funny

    Is it running windows?

  14. He's Lying by Shadow7789 · · Score: 2, Funny

    Sounds like Dad, if that's even his real name, knows more about computers than he is pretending to.

    He is clearly torrenting, and your best course of action would be to report his nefarious actions to the authorities.

  15. Not hard... by WheelDweller · · Score: 2, Funny

    It comes with a logo; looks like a window. :)

    --
    --- For a good time mail uce@ftc.gov
  16. Re:Check network connections by dotgain · · Score: 3, Funny

    ... and now imagine I chose 'Plain text'

    c:\>netstat -b
    Your computer is fine.
    c:\>

    Sweet!

  17. Re:Well the only fool proof way... by SCPRedMage · · Score: 4, Funny

    And he totally isn't being paid to refer you!

    Because, I mean, he only gets paid when he's SUBTLE.

    --
    My sig can beat up your sig.
  18. Re:Well the only fool proof way... by hymie! · · Score: 3, Funny

    A horse is a horse,

    Of course! Of course!

  19. Re:Assume it is .. by Anonymous Coward · · Score: 1, Funny

    what are you talking about? OSX has a dated Unix command line. All you have to do is type [apple]-[space] term [enter]. You can even make it a little better by typing bash [enter] after that.

  20. Re:Well the only fool proof way... by u38cg · · Score: 4, Funny

    My foolproof method:
    1. Is it running Windows?
    2. Is it connected to the Internet?

    If the answer to both your questions is "Yes", then you are most likely part of a botnet. This advice is free of charge.

    --
    [FUCK BETA]
  21. Re:Well the only fool proof way... by selven · · Score: 3, Funny

    Mod parent up.