Blog        Forum        Spam        Check & Secure                      

Inform - Stay safe online

Botnets are a network of computers which interconnect after they have been infected with a malicious payload. If a computer is part of a botnetwork, then it will go unnoticed by its owner that remote commands were sent by cyber criminals to be used for distributing Spam or infecting other computers whilst being online.

Botnets function as a basic infrastructure for Internet crime, and are one of the largest illegal sources of income in the Internet. With the Anti-Botnet Advisory Centre we would like to significantly reduce the number of botnet infected computers and so remove the foundation for cyber criminals. Every individual computer that is freed from infection helps achieve this.

Technical Background

What are botnets?

A botnet is a network of computers which, as a result of being infected by malware, are joined together and, as soon as there is a connection to the Internet, can react to the remote commands of cyber-criminals. The individual computers are known as bots or zombies. In fact, the bot is the malicious program itself, although the term is also associated with the infected system.

The Internet connection and local resources of affected computers are used by cyber-criminals for a variety of purposes, without the knowledge of the computer owner. In this way, a private computer can be used for sending spam undetected, but it is also possible to execute a DDoS attack or a phishing attack – the accessing of personal data and passwords.

The operators of botnets want to capture as many computers as possible, in order to increase the number of resources available to them. The botnet sustains itself and increases its size by distributing the malware and infecting further computers.

It is estimated that up to a quarter of all computers world-wide are part of a botnet. Germany is in the top ten, because of the good Internet infrastructure available. The botnets themselves function as a basis for Internet criminality and are one of the largest illegal income sources on the Internet.

What is malware?

Malware is the term used to denote a program which executes undesired or hidden functions on the affected computer. Malware programs are functional and often autonomous, created and spread by skilled programmers with criminal intentions. Malware includes viruses, worms, trojans, bots, dialers, scareware and grayware.

How does a Computer get infected?

Botnets are expanded by a "bot" being installed on a not-yet infected computer. This can happen in a variety of ways:

  • Infected Emails:
    Over an email, the user is invited to open an attached program or click on a link which leads to an infected website. If the user runs the program or follows the link, malware will be installed on the computer, making it part of a botnet. These invitations are often made using phishing emails, which are becoming increasingly professional. The email can pretend to come from the user's own bank, or something similar.
  • Downloads:
    The malware is coupled with another program which is available for download over the Internet. Whoever downloads this program will infect their computer with the malware. This coupling of malware to a harmless application makes what is called a trojan ("Trojan horse"). This occurs most often with illegal download programs. However, for security reasons, even legal and serious programs should only be downloaded from the original website of the provider, and should be checked by a virus scanner.
  • Exploits:
    An infection by this method exploits security holes and errors in applications, the browser or in the operating system itself. Exploits are activated when the user, for example, clicks on a prepared link; in the case of a drive-by-Infection, the exploit is triggered simply by loading a manipulated website.
  • Drive-by-Downloads:
    A drive-by-Download is characterized by an undetected and unintentional software download onto a user's computer. Among other things, drive-by downloads refer to the unwanted downloading of malware caused just by visiting a manipulated website. Unfortunately, simply avoiding dubious websites is no protection, because hackers regularly succeed in manipulating serious websites.

What damage can botnet-infected computers cause?

A computer hijacked by cyber criminals can be abused for different purposes:

  • Distribution of Spam:
    The resources of remotely controlled computers are used to send spam. A botnet can send several billion spam emails a day.
  • DDoS Attacks:
    So-called Distributed Denial of Service attacks are attacks on a server or computer, with the goal of causing a break-down of its services. For example, if a company's server is bombarded with a large number of requests, it it may become overloaded and crash as a result. Coordinated and simultaneous requests from bots can lead to a system overload.
  • Proxies:
    Over a proxy within the botnet, the master computer which controls the bots can establish an attack connection to a third-party computer, and can hide its address of origin. For the victim of the attack, the bot (infected computer system) appears to be the attacker. The actual attacker - the remotely controlling "master" - cannot be traced.
  • Data Theft:
    Most bots can easily access locally stored usernames and passwords for applications such as MS Messenger, or can read data such as passwords and credit card numbers from web forms. This data will be transferred to the "master" of the botnet.
  • Storage medium for illegal contents:
    The hard drives of hijacked computers can also be used for the storage of illegal content, which can then be spread from this computer.

Frequently Asked Questions & Glossary

Questions about the Anti-Botnet Advisory Centre

Technical Questions


Questions about the Anti-Botnet Advisory Centre

What does do? is an initiative from the Romanian National Computer Security Incident Response Team. The project's goal is to reduce the number of botnet infected computers in Europe and to help affected users clean their computers of malicious files.
The Anti-Botnet Advisory Centre ( supports affected users in this process. consists of IT experts that help you to clean your computer of an infection and protect you from new attacks from the Internet. The support follows in two stages: The affected user will first be informed by their Internet Service Provider about a possible malware infection e.g, via a landing page which appears when the user opens their browser. Further Internet usage, however, remains possible. The customer will then be invited to visit our website where information and tools are provided for self-help. In the second stage, the provider-neutral Advisory Center comes into play: Customers needing additional help will be advised by telephone and be taken through the necessary steps to remove the malicious software, and to improve security on their computer in the long term.

Return to the FAQs ▲

What will the service cost me?

All instructions on this site, along with the EU-Cleaner, are available free of charge. The telephone support through the Anti-Botnet Advisory Centre is charged at the local call rate.

Return to the FAQs ▲

How will my ISP inform me if my computer is infected with a botnet?

The notification of an affected user occurs over several channels, to ensure delivery of the message to the customer: for example by email and additionally by letter.

Return to the FAQs ▲

My neighbour/friend/colleague also has a problem with their computer. Can I pass on the support hotline telephone number?

Unfortunately this is not possible. Support can only be provided in combination with a valid ticket number which you will receive from your ISP. This ticket number is not transferable.

Return to the FAQs ▲

My computer is behaving strangely. Can I contact the support hotline directly?

This is only possible in combination with a ticket number, which you will receive from your ISP.

Return to the FAQs ▲

Will my ISP or eco collect personal data about me?

Neither your ISP nor eco e.V. will collect personal data about you or your computer. This initiative has the goal of taking Germany out of the top-ten list of countries from which botnet activity originates. In the case of an infection, your Internet Service Provider will recognize certain patterns of behavior from your computer. If this is the case, then your ISP will contact you. They will go through the required steps and if further assistance is necessary, then they will put you in touch with the specialists at the Anti-Botnet Advisory Centre by giving you a ticket number with which you can phone the ABBZ and receive support anonymously.

Return to the FAQs ▲

Technical Questions

How did my computer get infected in the first place?

Botnets comb through the Internet for potential victims. Your computer probably has security holes or vulnerabilities that enable attackers to install malicious files. As soon as you move through the Internet on your computer, you are exposed to all dangers. That is why it is very important that you make sure your operating system and the associated programs are always up-to-date.

Return to the FAQs ▲

How do I know that my computer is infected with a bot?

The criminals who spread bots want to remain undetected. This is also true for the bots themselves, which are active on millions of computers worldwide. The first sign of an infection is a poorer Internet speed, unrequested visits to websites or unwanted popups and adverts, or even that you can no longer access websites using common browsers (Internet Explorer, Firefox, Opera). However, infected computers do not necessarily exhibit these symptoms. Users often don’t notice anything, or don’t notice until too late that their computer has become part of a botnet.

Return to the FAQs ▲

How do I protect my computer against further attacks?

The following tips should be considered for your security:

  • Be careful with email attachments. Never open email attachments from an unknown sender. Ask the sender if in doubt.
  • Be careful with unknown websites: Malicious software can be installed and run on your computer just by visiting the website.
  • Use secure passwords (at least 8 characters- alphanumeric).
  • Change your password at regular intervals.
  • Make regular backups (copies) of your personal data (e.g. documents, pictures, music) on an external medium.
  • If you use technologies such as WLAN or VoIP make sure that you use encrypted data transfer.
  • Never install software from unknown or doubtful sources, even if they are free of charge.

Return to the FAQs ▲

What is the EU-Cleaner?

The EU-Cleaner is a program that scans your system for current bots, and cleans it.

Return to the FAQs ▲

Why is there no EU-Cleaner available for Linux or Mac OS?

Risk of an infection with a computer running Mac OS or Linux is relatively small, because Internet criminals attack primarily computers with Windows installed. As a user of a Mac OS or Linux you should nevertheless, for your own protection, install anti-virus software tailored for this system.

Return to the FAQs ▲

What differences are there between the EU -Cleaner and an installed Anti-Virus program?

The EU-Cleaner is a program which was specifically developed in order to remove an existing malware infection, or to check for such an infection. An installed anti-virus program usually runs in the background and is primarily to prevent an infection.

Return to the FAQs ▲

What do I have to consider to enable the EU-Cleaner to function properly?

Close all active programs, including those which run in the background.

Return to the FAQs ▲

How long will a scan take using the EU-Cleaner?

The scan can vary depending on the amount of data and the number of programs installed, and could require several hours.

Return to the FAQs ▲

The EU-Cleaner has not found any malicious files on my PC. Is my computer clean?

The EU-Cleaner is a special tool whose current signatures have been designed to detect and remove bots. As a precaution, however, you should install anti-virus software and scan your computer completely. If anti-virus software is already installed, update it and run a complete scan.

Return to the FAQs ▲

The EU-Cleaner detected malicious files and deleted them. How do I proceed?

After the successful removal of an infection, you should restart your computer and, to be on the safe side, repeat the scan.

Return to the FAQs ▲

The EU-Cleaner deleted infected files and I can no longer start any programs. What should I do?

It can happen that the EU-Cleaner detects as suspicious and removes a file, but the program was actually not malware at all. Don’t worry – your data has not been lost. In such a case, then please take the following steps:

  1. Start the EU-Cleaner and click the button “start scan“.
  2. The last disinfection sessions that were undertaken will be listed. Select the appropriate session and click on “continue“.
  3. Following this you will be shown exactly what the EU-Cleaner changed in this session. Click on “Undo“ to restore your files.
  4. After this, restart your computer.

Return to the FAQs ▲

How can I reinstall my operating system?

Follow the steps presented in Reinstall Windows section.

Return to the FAQs ▲


Anti-Virus Program

An anti-virus program is a virus scanner which detects and eliminates current and common malicious software e.g. viruses, worms and trojans.

Return to the FAQs ▲


The term bot, derived from “robot“, describes a computer program that executes its tasks independently, without any user interaction. Damaging bots can be used among other things for spam dispatch or DDoS attacks. The term bot, however, is also associated with the computer systems where bots are installed and executed.

Return to the FAQs ▲


Botnets are networks made up of interconnected bots. For details please read this article on the “Technical Background“ page.

Return to the FAQs ▲


A browser is a program that displays websites in the Internet (www). The best known browsers include Microsoft Internet Explorer, Mozilla Firefox, Opera, Apple Safari and Google Chrome.

Return to the FAQs ▲


A dialer (dial-in program) is a program that establishes an unwanted connection to the Internet using a premium rate number, for example, a 0900 number. This normally happens via an analog modem or an ISDN adapter. The cost will appear on the telephone bill of the person affected.

Return to the FAQs ▲

Distributed Denial of Service (DDoS)

A “denial-of-service“ can be caused unintentionally by excessive demand, or by a deliberate attack on a server, a computer or a network component. In this latter case, the goal is normally to interrupt or suspend active serves. A coordinated attack from numerous of other systems is a Distributed Denial of Service attack. Such attacks are controlled through back-door programs that function as bots.

Return to the FAQs ▲

Email Spam

Email spam is the unsolicited sending of bulk messages with commercial content. Email spam often contains infected attachments or links that direct you to infected websites.

Return to the FAQs ▲


Firewalls are software which monitor the data flow between two networks and filter or block specific traffic according to predetermined rules. A firewall can, for example, hinder unwanted access to your computer over the Internet, thus increasing the security of your computer. Some routers have integrated firewalls.

Return to the FAQs ▲


Grayware is the least harmful form of malware. Programs in the grayware category track the surfing behaviour of users and on the basis of this send or display personalized advertising.

Return to the FAQs ▲

Internet Service Provider (ISP)

An Internet Service Provider is a company that offers users access to the Internet.

Return to the FAQs ▲


A patch is a small software update or a fix for a program. Microsoft, for example, releases a patch every second Tuesday in the month, which remedies known problems with a program, a module or an operating system.

Return to the FAQs ▲


Scareware comprises programs that are designed to mislead users into believing in a non-existent danger. The most well-known form is bogus anti-virus software which indicates that countless viruses are present on the computer. In order to remove them, the user is then advised to purchase a specific program. The goal is to exploit the anxiety of the computer user and to earn money with the bogus anti-virus software.

Return to the FAQs ▲


A service pack is an update package made available by the software developer for an operating system or a program. They normally integrate several smaller updates. They increase stability, sometimes provide additional functions, and remedy vulnerabilities. Service packs are generally free of charge and are available for download from the software developer’s website, such as Windows XP SP3 and Windows Vista SP2. You should always make sure that the most recent service pack has been installed.

Return to the FAQs ▲

Social Network

A social network is the platform of an Internet community in which the participants mutually exchange information or data. Normally, anyone interested can join free-of-charge such communities. On these platforms, it is normal to make the personal profile and contact possibilities public. The goal is to make and take care of personal and business contacts. Well-known social networks include facebook, LinkedIn and twitter.

Return to the FAQs ▲


A wireless local area network (WLAN) is a network which is connected without cables. To operate a WLAN, there needs to be a sender and a receiver that can communicate or exchange data with each other according to a pre-defined standard. Many Internet Service Providers provide their customers with a router with in-built WLAN. WLAN routers enable wireless Internet use.

Return to the FAQs ▲

Link-uri utile

German National Support Centre

Hungarian National Support Centre

Belgium National Support Centre

Spanish National Support Centre

Check and Secure
This web service is a free online tool to secure your PC. Based on the results we lead you through a variety of checks step by step.

Free support forum for fast, individual help from our community

Blog with information about PC Security and Internet Security as well as numerous instructions, including live chat platform.

Regarding the security of your computer please consider the following basic rules:

  1. Check your computer for infection.
  2. Install current Service Packs and Security Updates for your system. Activate automatic updates.
  3. Check your internet browser and the embedded plugins (e.g. Java, Flash, Shockwave, Quicktime) regularly for Actuality.
  4. Install a virus scanner and update it regularly.
  5. Use a Firewall e.g. Windows built-in Firewall or a Router.

Good to know

Find out what botnets are, the damage they cause, and how they threaten the data on your computer.

Here you can find small programs and tutorials which enable you to remove a botnet infection from your computer.

In this section you will find many tips on how to protect your computer from infection.

Copyright © 2014-2015 CERT-RO. All rights reserved.