How Cybercriminals May Be Enlisting Your Computer Into a Botnet Army

Posted by Brian on June 10, 2016 at 4:40 PM

Let’s first of all define ‘botnet’. Botnets - sometimes referred to as zombie armies - are networks of computers infected with malware that forces those machines to do a hacker’s bidding without the owners’ knowledge. How-to Geek has a more comprehensive definition - including helpful graphics - than we have time for here.

Over the last two years, a clever botnet program has allowed cybercriminals to take over unprotected computers and quietly generate profit for themselves. Redirector.Paco is the name of the malicious Trojan horse virus designed to control the infected workstation's web browser. It redirects internet traffic to phony websites that appear authentic to the user. The objective of all this nefarious activity is to generate numerous clicks to specified websites that earn the hackers revenue through AdSense-like software.

Redirector.Paco works by creating a registry key typically disguised as "Adobe Flash Update" or "Adobe Flash Scheduler" in order to avoid detection by anti-virus software. The Trojan then infects Java and takes control of web traffic, redirecting the browser to malicious addresses specified remotely by the cybercriminal. Workstation users typically pick up Redirector.Paco unknowingly, by downloading tampered software that has the Trojan bundled into it.

Diagnosing and Preventing Infection
While Redirector.Paco cloaks itself well, it does have a few noticeable indicators:

  • Unusual messages like “Waiting for proxy tunnel” or “Downloading proxy script” display in the browser's status bar.
  • A Google page takes an unexpectedly long time to load.
  • Click on the padlock icon in the address bar. From there, you will be able to find the root certificate used to create your secure connection. If you see "DO_NOT_TRUST_DiddlerRoot," your system is likely infected.
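The three indicators above can be checked from an elevated PowerShell prompt instead of by hand. The script below is an added example written for this post, not something from the original article or from any vendor tooling; it assumes (my assumptions, since the post does not say) that the disguised "Adobe Flash Update"/"Adobe Flash Scheduler" entry lives in the standard Run autorun keys and that the "proxy script" the browser mentions is configured through the Internet Settings AutoConfigURL value.

```powershell
# Added triage script for the Redirector.Paco indicators named in this post.
# Assumptions (not stated in the post): the disguised entry is a Run-key value,
# and the proxy script is configured via the Internet Settings AutoConfigURL.
$findings = @()

# 1. Root certificate stores: the post names "DO_NOT_TRUST_DiddlerRoot" as the
#    certificate you would see behind the padlock on an infected machine.
foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    Get-ChildItem $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -like '*DO_NOT_TRUST*' } |
        ForEach-Object {
            $findings += "Suspicious root cert in ${store}: $($_.Subject) (thumbprint $($_.Thumbprint))"
        }
}

# 2. Autorun entries using the disguised names quoted in the post.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if ($null -eq $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -match '^Adobe Flash (Update|Scheduler)$') {
            $findings += "Autorun '$($p.Name)' in ${key}: $($p.Value)"
        }
    }
}

# 3. Proxy auto-config script: a "Downloading proxy script" status message
#    normally means a PAC URL has been set for the user's browser.
$inetPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$inet = Get-ItemProperty -Path $inetPath -ErrorAction SilentlyContinue
if ($inet -and $inet.AutoConfigURL) {
    $findings += "Proxy auto-config URL is set: $($inet.AutoConfigURL)"
}

if ($findings.Count -eq 0) {
    Write-Output 'No Redirector.Paco indicators found.'
} else {
    $findings | ForEach-Object { Write-Output $_ }
    Write-Output 'Pass these findings to your IT team for follow-up.'
}
```

A PAC URL by itself is not proof of infection, since many corporate networks set one legitimately; it is the combination with the certificate or autorun hits that matters.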

You can protect yourself by always making sure the website address is correct in order to verify the source of your downloads. Also, scan all downloads before installing, even if they seem sent by a trusted source. If you suspect that your computer has been recruited into a botnet, let your I.T. team know. If Bennett/Porter is that team, we're always happy to discuss network security with you. Just give us a call or click below to send us a message.

Topics: Network Security
