Trend Micro is testing a nifty anti-botnet utility capable of listening for botnet-related traffic on infected Windows machines.
Trend Micro’s new RUBotted beta, available as a free download (.exe), is a lightweight program that intelligently monitors Windows machines for remote C&C (command and control) commands sent from a bot-herder. These can include commands to turn the zombie machine into a spam relay, launch denial-of-service attacks, or host malicious Web sites for phishing attacks.
Trend Micro says RUBotted will co-exist with your existing anti-virus software to provide advanced bot-specific behavior monitoring.
The beta is available for Windows 2000, Windows XP Pro, Windows 2003 Server and Windows Vista (latest service packs required for all OS versions).
Trend Micro is following Symantec into this market and it’s probably a safe bet that this will become a paid product (like Symantec’s) once the beta is completed.
Slapping a price tag on a product that really should be a key part of your existing anti-virus subscription seems like a rip-off to me. Here’s what I wrote when Symantec made Norton AntiBot a $29.99 download:
“Here’s a list of the products sitting on your machine, sucking valuable system resources under the guise of protecting you from hacker attacks: Anti-virus, anti-spyware, anti-rootkit, anti-spam, drive-by browser protection, etc., etc. It has to be the biggest con job in IT to convince consumers that they should pay a separate subscription for each of the above “protection” products. So you pay for virus protection, then pay a bit more for spyware protection, and if those don’t work, buy an anti-rootkit package and if your PC still falls into a botnet, here’s your $29.95 anti-botnet tool.”
If this trend holds, expect Trend Micro, McAfee and every other anti-virus vendor to hop on this gravy train, using the fear of botnets to sell even more subscriptions.
For what it’s worth, I installed Trend Micro’s new tool and was rather impressed with its simplicity. I have no way of knowing if it really works as advertised because this test machine is (I hope!) bot-free, but I liked the way it presented a clean, easy-to-use interface for the most unsophisticated computer user (the kind most likely to be running an owned machine).
The program settings show that it is monitoring incoming HTTP and outgoing SMTP traffic, IRC requests and DNS queries. By default, it’s also set to issue a warning once a bot is discovered.
It also features a “View Log” page that contains all suspicious activity detected.
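As an added illustration (not part of the original post, and not RUBotted’s or Trend Micro’s code): the four signals the settings page lists, incoming HTTP, outgoing SMTP, IRC requests and DNS queries, are enough to build simple bot-behaviour heuristics of the kind such a tool would apply. The Python below runs them over a constructed set of per-host flow records; the thresholds, port lists, behaviour tags and sample data are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection or query seen from the monitored host (constructed record)."""
    ts: float        # seconds since the start of the observation window
    direction: str   # "out" = host initiated, "in" = remote initiated
    proto: str       # "tcp" or "udp"
    dport: int       # destination port (DNS queries go to udp/53)
    dst: str         # remote address, or the queried name for DNS


# Thresholds and port lists are assumptions for this example, not the product's.
SMTP_RELAY_MIN_HOSTS = 5      # a workstation sending mail directly to many MTAs
DNS_STORM_QUERIES_PER_MIN = 60
DNS_STORM_MIN_DISTINCT = 50   # DGA / fast-flux lookups hit many unique names
IRC_PORTS = {6667, 6697}
HTTP_PORTS = {80, 443}


def analyse(flows, window_seconds=60):
    """Return {tag: description} for each bot-like behaviour seen in the window."""
    findings = {}

    # Spam relay: outbound SMTP to many distinct mail servers from one host.
    smtp_hosts = {f.dst for f in flows
                  if f.direction == "out" and f.proto == "tcp" and f.dport == 25}
    if len(smtp_hosts) >= SMTP_RELAY_MIN_HOSTS:
        findings["smtp_relay"] = f"outbound SMTP to {len(smtp_hosts)} distinct hosts"

    # IRC C&C: any outbound connection to an IRC port from a workstation.
    irc = [f for f in flows if f.direction == "out" and f.dport in IRC_PORTS]
    if irc:
        findings["irc_c2"] = f"outbound IRC to {irc[0].dst}:{irc[0].dport}"

    # DNS storm: a high query rate spread across many distinct names.
    dns = [f for f in flows if f.proto == "udp" and f.dport == 53]
    rate = len(dns) * 60.0 / window_seconds
    distinct = len({f.dst for f in dns})
    if rate >= DNS_STORM_QUERIES_PER_MIN and distinct >= DNS_STORM_MIN_DISTINCT:
        findings["dns_storm"] = f"{rate:.0f} DNS queries/min for {distinct} distinct names"

    # Inbound HTTP: a workstation serving web content may be hosting a phishing site.
    if any(f.direction == "in" and f.dport in HTTP_PORTS for f in flows):
        findings["inbound_http"] = "remote hosts connecting to a local web port"

    return findings


# Constructed sample data: one bot-like host and one clean host.
BOT_FLOWS = (
    [Flow(i, "out", "tcp", 25, f"mx{i}.example.net") for i in range(6)]
    + [Flow(7, "out", "tcp", 6667, "198.51.100.7")]
    + [Flow(10 + i * 0.5, "out", "udp", 53, f"h{i}.example.org") for i in range(70)]
    + [Flow(50, "in", "tcp", 80, "203.0.113.9")]
)
CLEAN_FLOWS = (
    [Flow(i, "out", "udp", 53, "www.example.com") for i in range(3)]
    + [Flow(4, "out", "tcp", 443, "93.184.216.34")]
)

if __name__ == "__main__":
    for name, flows in (("bot", BOT_FLOWS), ("clean", CLEAN_FLOWS)):
        print(name, analyse(flows) or "no findings")
```

Each heuristic is deliberately crude: a real product has to fold in the whitelists and rate baselines that keep a legitimate mail client, a developer’s IRC session or a busy browser from tripping the same rules, which is exactly why a tool like this defaults to warning rather than blocking.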