While antimalware tools will do most of the heavy lifting on bot detection, technically sophisticated users and certainly system administrators can analyze their machines to try to look for anomalies. I've written several articles on how to do this, including this detailed one on how to find malware on your Windows box.
One of the most useful tools in our arsenal is the humble netstat command. When run at a Windows command line with the "--nao 1" option, it will show all TCP and UDP port activity on a machine, displaying the process ID number every second. Because bots need to communicate with their botnet controller or peer-to-peer network; this technique can be used to look for unexpected communicating sessions on machines to identify a bot.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Ed Skoudis
Learn how social networking sites compound the insider threat risk, and explore how to mitigate the threat with policy, training and technology. Continue Reading
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading