How do you make a terrible thing worse? If you are a crook who operates a botnet, an often expanding network of computers infected with malicious software, you link your zombie networks together to form a huge "botnetweb." And you do it in a way that is difficult for an anti-virus package to fight. Botnetwebs can send spam or malicious software to millions of computers at a time. They also represent a highly resilient infection that uses multiple files. A disinfection attempt may eliminate some files, but those left behind tend to redownload the scrubbed ones.

The bandits "are not a group of adults sitting in a dark room in a number of developing countries in the fun of these zombie networks," says FireEye, a California security company that created the term botnetweb. "This is the person who organized the form of running, advanced business."

In the past, competition between malware authors meant that one infection might sometimes find a rival's infection on an infected machine and then delete it. More recently, the attention-grabbing Conficker worm patched the Windows vulnerability it used to infect machines, effectively shutting the door behind it to prevent infections by other malicious software.

FireEye found not competition but cooperation and coordination between the major spam botnets, which amounts to a sea change in the way malicious software is engineered. The company investigated the command and control (C&C) servers used to send instructions to the bots, which may include forwarding spam or downloading additional malicious files. For the Pushdo, Rustock and Srizbi zombie networks, it found that the C&C servers responsible for each zombie network were hosted in the same facility; the IP addresses used for the servers were also in the same range. If the different zombie networks were in competition, they would probably not be sharing them.

A Botnetweb Millions of Personal Computers Strong

More evidence of botnetwebs came from Finjan, a network security equipment company in California. Finjan said it found a C&C server able to send spam, malicious software, or remote control commands to 1.9 million bots.

The C&C server had six administrator accounts, together with a cache of dirty programs. Ophir Shalitin, Finjan's director of marketing, said Finjan does not know which of the programs may have infected the computers or, perhaps more importantly, which malicious software made the initial infection. The company traced the (now defunct) C&C server's IP address to Ukraine and found evidence that the zombie network's resources were rented out for 100 U.S. dollars a day per 1000 bots.

According to Alex Lanstein, a senior security researcher at FireEye, a distributed collection of zombie networks offers a lot to the bad guys. If law enforcement or a security company shuts down the C&C server of any single botnet, the crook can still make a profit from the surviving zombie networks.

Creating such zombie networks usually starts with "dropper" malicious software, Lanstein said, which uses "plain-Jane, vanilla technology" with no strange encoding or anything else that may raise a red flag for anti-virus applications. Once a dropper has entered a computer (usually through a drive-by download or an e-mail attachment), it may pull in a Trojan horse, such as the Hexzone malicious software sent by the server that Finjan found. That variant of Hexzone was at first detected by only four of 39 anti-virus engines at VirusTotal.

Whack-a-Mole Disinfection
And these days, such malicious software often involves a number of files, which makes an intruder more persistent in the face of attempts to remove it. In one observed attempt to clear the Zeus Trojan horse with Malwarebyte's rogue-removal tool, which Lanstein said is generally good at disinfection, the tool found a number of the rogue files, but not all of them. A few minutes later, Lanstein said, one of the files left behind contacted the C&C server and quickly redownloaded the deleted files.

"The chance of a clean run of all this with only a specific anti-virus tool is moderate," said Donald, director of technical education with antivirus vendor Eset. Lanstein and other security authorities stressed that if your anti-virus "deletes" an infection, you should not assume the malicious software is gone. You can try to download and run additional tools, such as the rogue-removal tool. Others, such as HijackThis or Eset's SysInspector, will analyze your computer and create a log that you can post on the website Bleeping Computer, where experienced volunteers provide appropriate recommendations.

A better strategy is to ensure that your computer is not infected in the first place. Install updates to close every possible loophole that drive-by download sites may use, not only in Windows but also in applications such as Adobe Reader. And to guard against poisoned e-mail attachments or other files, do not open any unexpected attachments or downloads; run anything you cannot be sure of through VirusTotal, the same free scanning site that many experts use.