What is a 'Botnet infection'?

Botnet is a portmanteau derived from the words robot and network. Bot refers to a computer program that independently performs automated jobs. Such programs have many legitimate uses; search engines, for example, commonly use bots to catalogue web sites. Unfortunately, bots can also be programmed to perform malicious actions on systems. A botnet is a large group of infected computers connected to each other via the internet. Criminals administering the botnet make sure that the programs get installed on as many systems as possible. The programs stay under the radar, generally running in the background, and are usually difficult for antivirus software to identify. Once a computer is infected, it can then become part of the botnet through the exploitation of vulnerabilities in software installed on the user's system. There are many avenues for this infection, such as visiting a (generally infected) web site, 'drive-by downloads' (when malware is downloaded and installed on the system without the user's knowledge), and even simply clicking attachments or links in an e-mail or merely connecting peripherals such as USB sticks or external hard drives to the system.

Why would this be bad?

The IP address listed in the report (or a system behind it using NAT) has been seen participating in the botnet. With your system in communication with the botnet, you can be 99.9% sure it has been compromised. It is hosting malware and is participating in a botnet.

A botnet can be used to steal your personal data, send spam, hack into other computers and launch network attacks. In these examples you are the actual source of these attacks!

Recommended action

This issue needs to be resolved by removing the malicious software. For very persistent infections you will need to reinstall the system to get rid of the infection.

Tips to resolve this matter

If your system is a workstation or server:

If your system is a website / hosting system:

Once all malicious software has been removed, make sure the server can't be compromised again by installing the latest updates for your operating system, control panel and hosted applications, including themes and plugins (e.g. WordPress). If you do not update them right away, you will face a re-infection in a very short time!

Getting more information

NCSC factsheet - Release me from a botnet