Raymond.CC Blog

Zombie BOT is a computer that is infected by a malicious software which allows remote control. Hackers usually fool computer users by binding the remote control software to another legitimate program such as a game. When you run the program, it’ll only show the game at your screen but in background, it has already secretly installed a remote control software which allows the hacker to gain access to your computer when you go online.

Bot owners(hackers) usually doesn’t delete your files or make your Windows unbootable because they have other better use. Most often they (the hackers) require a lot of bots, which is called Botnets, to send out spam or launch distributed denial of service (DDoS) to bring down a website. A very good explanation taken from Wikipedia.

1. A botnet operator sends out viruses or worms, infecting ordinary users’ computers, whose payload is a trojan application — the bot.

2. The bot on the infected PC logs into a particular IRC server (or in some cases a web server). That server is known as the command-and-control server (C&C).

3. A spammer purchases access to the botnet from the operator.

4. The spammer sends instructions via the IRC server to the infected PCs, …

5. …causing them to send out spam messages to mail servers.

You can’t depend on antivirus alone to help you detect a bot infected computer because most of the bot software are custom programmed to avoid being detected by antivirus and firewalls. What I can suggest is for you to use a tool to monitor your computer for remote command and control (C&C) commands sent from a bot-herder.


Trend Micro RUBotted is a free program that runs on your computer, watching for bot related activities. Once installed on your computer, RUBotted checks for network traffic associated with BotNets.

RUBotted intelligently monitors your computer’s system behavior for activities that are potentially harmful to both your computer and other people’s computers. Additionally, RUBotted watches for an array of potentially malicious bot-related activities, including mass mailing – a common activity performed by a bot-infected computer.

RUBotted can co-exists with your existing AV software, providing advanced bot specific behavior monitoring. RUBotted does not rely on frequent, network intensive updates to ensure your computer’s continued protection. It supports from Windows 2000 to Vista.

RUBotted is still BETA. The program has very easy and basic interface. Even the settings doesn’t have much settings for you to configure.

RUBotted takes up 10MB of your memory. You can stop RUBotted from running but when you reboot your computer, it will autostart again. I hope in future RUBotted will have the option of disabling autorun whenever Windows is booted up. If you want to disable RUBotted from autostart, go to Start > Run > type MSCONFIG and hit OK. Go to Startup tab and uncheck the startup item “TMRUBottedTray“.

[ Download Trend RUBotted ]