1. Field of the Invention
The present invention relates generally to detection of malicious code, and more particularly but not exclusively to detection of bots.
2. Description of the Background Art
“Bots” are stealthy, remotely-controllable unauthorized software programs running quietly in user computers. A bot can receive and execute instructions from a remote server computer operated by the bot's originator, who is also referred to as a “hacker” or “bot herder.” A network of bots is called a “botnet.” A bot may be configured to use the infected computer to send spam or junk e-mail, participate in denial of service attacks to bring down servers, host pornography, and perform click-fraud, all without the computer owner's authorization. In the network security industry, databases are kept and frequently updated with lists of new and known IP addresses of computers infected with bot programs. Computers can be infected by bots via several different methods, including drive-by web downloads and spyware downloaders that install other software onto a computer. Most users don't even know their computers are bot-infected and being used for malicious or unauthorized purposes.
Commercially available malicious code scanners (e.g., anti-virus or anti-spyware software) may be used to detect and remove bots and other malicious code. However, this solution requires installation of compatible software onto the computer to be protected. Such software typically runs in computer memory constantly, consuming certain amounts of CPU power and memory resources to monitor the computer for infections. It is also necessary to install and run versions of the software that are compatible with the computer's operating system. Accordingly, some users don't bother checking their computers for bots.