Ask the Expert

Are there effective tools that can determine if Storm and Nugache Trojans have been installed?

The article titled Storm, Nugache lead dangerous new botnet barrage was disturbing. Are there effective tools that can determine if these Trojans have been installed?

    Requires Free Membership to View

The best tools we have available today are the antimalware tools that include antivirus and antispyware functionality. The antivirus vendors constantly release new signatures and heuristic functions that try to detect recent widespread bots. Microsoft has also released and constantly updates its open source Malicious Code Removal tool, which deletes some, but not all, of the most virulent bots. However, there is always an inherent lag between the time the bad guys release their latest variant and when the vendors update their tools to detect it. That lag time could range from a day to several weeks, depending on whether the given malware is widespread enough to get attention from the vendor.

While antimalware tools will do most of the heavy lifting on bot detection, technically sophisticated users and certainly system administrators can analyze their machines to try to look for anomalies. I've written several articles on how to do this, including this detailed one on how to find malware on your Windows box.

One of the most useful tools in our arsenal is the humble netstat command. When run at a Windows command line with the "--nao 1" option, it will show all TCP and UDP port activity on a machine, displaying the process ID number every second. Because bots need to communicate with their botnet controller or peer-to-peer network; this technique can be used to look for unexpected communicating sessions on machines to identify a bot.

More information:

This was first published in February 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: