While antimalware tools will do most of the heavy lifting on bot detection, technically sophisticated users and certainly system administrators can analyze their machines to try to look for anomalies. I've written several articles on how to do this, including this detailed one on how to find malware on your Windows box.
One of the most useful tools in our arsenal is the humble netstat command. When run at a Windows command line with the "--nao 1" option, it will show all TCP and UDP port activity on a machine, displaying the process ID number every second. Because bots need to communicate with their botnet controller or peer-to-peer network; this technique can be used to look for unexpected communicating sessions on machines to identify a bot.
Dig Deeper on Malware, virus, Trojan and spyware protection and removal
Related Q&A from Ed Skoudis
At Black Hat 2006, researcher Joanna Rutkowska unveiled a piece of machine-based malware called the Blue Pill. But is it a serious threat to your ... Continue Reading
Wi-Fi on airplanes seems like it will be unavoidable in the future, but what security risks does it pose? In this security threats expert response, ... Continue Reading
There are some rare forms of malware that antivirus software doesn't pick up on, but there are some good tools to remove all sorts of malware. Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.