Alabri

To ensure holistic crime prevention, ALABRI CIS provides an international standard of crime intelligence and investigation capability to its clients.

We cover the broader spectrum of crime investigations by assisting companies with strategic investigation services. Our past experience, proficiency, police/military and intelligence background and knowledge of high-tech equipment are highly relevant in any of our investigations. We have mastered the disciplines necessary for the deployment of agents in sensitive security operations.

It is our aim to provide management with the necessary tools to facilitate the optimum functioning of their organisation. With our holistic approach towards a client’s problem, we maintain the highest standard of integrity, professionalism and dedication in absolute confidentiality, which is the true character of the sensitive nature of our field. We direct overt and covert operations relating to the collection, analysis and dissemination of information on strategic issues without disruptive intrusion upon the subject or colleagues. Premature or unwanted disclosure of all activities is eliminated by our competent management and experienced staff. We ensure the regular compilation of subject-specific threat/crime overviews and their distribution to the relevant clients. The intelligence obtained through our investigations is successfully used in a proactive approach to security. Our client base is:

- Vehicle manufacturing industry
- Aerospace industry
- Drug & Medicine manufacturing industry
- Electronic manufacturing industry
- IT & Digital manufacturing industry
- Weapons manufacturing industry
- Nuclear & Bio Engineering industry
- Banking
- Mining
- Hotel, Casino & Resorts
- Farming
- Government

The Services

Special Investigations:

• Covert
• White Collar Crime
• Commercial/ Industrial
• Cross Border
• SD Specialists (Surveillance Detection)
• Asset Recovery & Protection
• Surveillance
- Internal technical (Bugging)
- Counter Measures TSCM (Sweeping & Debugging)
- Covert cameras
- Undercover agents
- Infiltration
- Email, Fax, Cellphone Interception
• Tracking
• Profiling
• Deception (Lie Detection)
- Micro and Macro Expressions
• Forensics
- Life Style Audits
- Chemical Pathology
- Biology & DNA

Special Operations

• Covert Diving/ Strategic Diving Operations
• Covert Parachuting Operations
• Extractions (including reverse extractions)
• Drones – Aerial Data Capturing

Child Protection

We are involved with child protection, working hand in hand with international child protection units to help counter child trafficking.

Special Operations Training

This service offers a diverse and wide range of specialized training programs and courses, encompassing all aspects of Crime Intelligence, Anti Terrorism and Special Forces training criteria.

03/11/2017

KRACK

As of 2017, there are 3.74 billion internet users in the world...

And, the majority of these people use Wi-Fi to connect to the internet — whether it’s a home, business or public network.

Now, as most of you know, public Wi-Fi is incredibly susceptible to hackers.

I don’t recommend using it unless you’re also using a VPN (virtual private network).

But most people feel pretty safe using their own personal Wi-Fi connection at home or work, right?

If you’re one of those people, here is a good reason you should be a little more careful — no matter what wireless network you are connected to.
The Key to the Kingdom

Recently, a new cyber attack called “Krack” (short for key reinstallation attack) was revealed.

This hack actually targets wireless routers, not individual devices, which means ANY Wi-Fi-enabled device is at risk.

It exploits a flaw in the WPA2 (Wi-Fi Protected Access 2) security protocol, which is the current security standard for routers.

Here’s how the hack works:

During the process of connecting your device to the Wi-Fi network, an encryption key is exchanged between the two.

Krack tricks you into installing this encryption key, and if a hacker managed to collect the key, they would easily be able to access your wireless network.
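An added illustration, not part of the original post, of why a reinstalled key matters: reinstalling the key resets the per-packet nonce, so the same keystream encrypts two frames and anyone who captured both can XOR them to cancel the keystream out. The toy station classes, the HMAC-based keystream standing in for CCMP's AES-CTR, the session key and the two sample frames are all assumptions; the patched client's refusal to reinstall a key that is already installed mirrors the approach vendors took in their fixes.

```python
import hashlib
import hmac


def keystream(key, nonce, length):
    """Counter-mode keystream from an HMAC-SHA256 PRF.

    Assumption: this stands in for the AES-CTR keystream that WPA2's CCMP
    derives from the session key and the per-packet nonce. The cipher does
    not matter for the point; only that keystream = f(key, nonce, counter).
    """
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor_bytes(a, b):
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, plaintext):
    """Stream encryption: ciphertext = plaintext XOR keystream(key, nonce)."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


class VulnerableClient:
    """Station whose key installation unconditionally resets the packet number.

    Models the pre-patch behaviour: a retransmitted handshake message 3
    re-installs the already-installed session key and resets the nonce
    counter to zero.
    """

    def __init__(self):
        self.key = None
        self.packet_number = 0

    def install_key(self, session_key):
        self.key = session_key
        self.packet_number = 0  # nonce restarts from zero on every install

    def send(self, plaintext):
        nonce = self.packet_number.to_bytes(6, "big")
        self.packet_number += 1
        return nonce, encrypt(self.key, nonce, plaintext)


class PatchedClient(VulnerableClient):
    """Station that refuses to re-install a key that is already in use.

    A replayed handshake message therefore never resets the packet number
    mid-session, so no nonce is used twice under the same key.
    """

    def install_key(self, session_key):
        if session_key == self.key:
            return  # ignore the replayed message; keep the running counter
        super().install_key(session_key)


def keystream_reuse_leaks(client_class, replay_handshake):
    """Return True if an observer of two frames can recover p1 XOR p2.

    Constructed sample: a fixed session key and two short frames. The second
    install_key call models a replayed handshake message 3.
    """
    session_key = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed
    client = client_class()
    client.install_key(session_key)
    p1 = b"GET /account/balance HTTP/1.1"
    p2 = b"POST /login?user=alice HTTP/1.1"
    nonce1, c1 = client.send(p1)
    if replay_handshake:
        client.install_key(session_key)
    nonce2, c2 = client.send(p2)
    # With a reused nonce the keystreams cancel: c1 XOR c2 == p1 XOR p2.
    return nonce1 == nonce2 and xor_bytes(c1, c2) == xor_bytes(p1, p2)


if __name__ == "__main__":
    print("vulnerable, no replay :", keystream_reuse_leaks(VulnerableClient, False))  # False
    print("vulnerable, replayed  :", keystream_reuse_leaks(VulnerableClient, True))   # True
    print("patched, replayed     :", keystream_reuse_leaks(PatchedClient, True))      # False
```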

The scary thing is, there’s really no device that is safe from hackers when it’s connected to Wi-Fi.

The silver lining is that a hacker would have to be within range to connect to the Wi-Fi network.

In other words, you don’t have to worry about some guy in Russia hacking into your Wi-Fi using this method.

But of course, you’re probably thinking, How does this truly affect me?

Well, the reality is that once a hacker has access to your wireless network, they can see all the information you send over it.

Essentially, this is just as unsafe as using a public Wi-Fi network with no security encryption at all. You would be inadvertently sharing your passwords, credit card information and everything else you do online.

To make matters worse, since hackers could see what websites you are browsing in real-time, they could add code to those websites that would infect your computer with malware.

Since pretty much everyone is vulnerable to this attack, here are a few ways you can protect yourself and avoid falling victim to the Krack attack:

1. Keep your devices up to date.
Anytime there is a new cyber threat, every major software company immediately begins working on software patches to update their security to protect users.

This is why you should always check for the latest software updates on every device you connect to a wireless network.

Here’s something else to keep in mind:

Even when people remember to update their devices, they often forget to see if there are any updates for their actual routers.

Companies like Netgear and Intel have already released security patches for their products to protect them from this most recent attack.

2. Use a VPN.
You’ve heard me mention this before, but I cannot stress enough how critical it is to use a VPN.

No matter how you connect to the internet, you should always use a VPN to keep hackers from spying on you and getting their hands on your personal information.

While more and more companies offer a free VPN, the service is typically slower, and from what I’ve seen, the free services are not always the most secure.

Personally, I wouldn’t go cheap when it comes to VPN services and I would pay for a quality one.

3. Get an Ethernet cable.
If you want to be extra cautious, you could use a hard-wired Ethernet connection to get internet access.

Obviously, this is easier to do at home or at work than when you are out and about, but it’s one way to guarantee you will be safe from this cyber attack.

Just remember to disable the Wi-Fi if you plan to go this route.

As I mentioned earlier, no device is safe from this hack since it is designed to affect the wireless security protocol.

In the next few weeks, stay on the lookout for software updates for all your devices — these will hopefully also include security updates to protect you from the effects of Krack.

03/11/2017

BadRabbit

Abstract

This threat advisory provides analysis by Radware’s Emergency Response Team (ERT) of the ransomware campaign that broke out on October 24, 2017, and is impacting organizations across Eastern Europe.

BadRabbit follows previous ransomware operations such as WannaCry and Nyetya (a.k.a. NotPetya). At the moment, BadRabbit resembles the Nyetya campaign as it uses the original Petya ransomware variant. As many organizations update and patch their security solutions following such attacks, BadRabbit authors created a variant that does not include a memory-wiping component like in the Nyetya campaign. BadRabbit leverages the EternalRomance exploit to propagate laterally across a network, another vulnerability that was released by Shadow Brokers and addressed in the Microsoft MS17-010 security bulletin.

Distribution

BadRabbit was distributed via a fake flash update that required user interaction. When visiting one of the compromised sites, a user is presented with a popup for a flash update. This fake flash update was delivered to a user via download while viewing a compromised website. These websites were compromised with a piece of malicious JavaScript that was injected into their HTML body or on one of their .js files. Users were redirected to 1dnscontrol[.]com, the site hosting the malicious file. A POST request is then sent to a static IP address 185.149.120[.]3 with a path to /scholasgoolge. After the POST, the dropper is downloaded onto the user’s computer from one of two different paths, index.php or flash_install.php. Users are then redirected to a site that dropped the malware onto their computer.

Infection

This attack is not sophisticated because it depends on user interaction. Ultimately, the user has to initiate the download by believing they need to install a flash update. Once the user interacts with the update, a dropper containing BadRabbit is deployed on the user’s machine.

Propagation

After the device is infected, an SMB component and WebDAV are used to worm laterally across networks and identify additional devices to compromise. In addition, BadRabbit uses a list of weak credentials and a version of the post-exploitation tool Mimikatz to gain further credentials for infection. For the moment, the server hosting the malware has been taken down and is no longer spreading the worm.

Infected File Extensions

.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip

Default Credentials for Brute Forcing
Usernames

Administrator, Admin, Guest, User, User1, user-1, Test, root, buh, boss, ftp, rdp, rdpuser, rdpadmin, manager, support, work, other user, operator, backup, asus, ftpuser, ftpadmin, nas, nasuser, nasadmin, superuser, netguest, alex

Passwords

Administrator, administrator, Guest, guest, User, user, Admin, adminTest, test, root, 123, 1234, 12345, 123456, 1234567, 12345678, 123456789, 1234567890, Administrator123, administrator123, Guest123, guest123, User123, user123, Admin123, admin123Test123, test123, password, 111111, 55555, 77777, 777, qwe, qwe123, qwe321, qwer, qwert, qwerty, qwerty123, zxc, zxc123, zxc321, zxcv, uiop, 123321, 321,love, secret, s*x, god

Domains
Compromised Websites

Payment Page

hxxp://caforssztxqzf2nm[.]onion

Inject URL

hxxp://185.149.120[.]3/scholargoogle/

Distribution URL

hxxp://1dnscontrol[.]com/flash_install.php
hxxp://1dnscontrol[.]com/index.php

How to Prepare

• Make employees aware of the threat. They should understand how it works and be alert to malicious activity.
• Perform regular backups of all critical information to limit the impact of data or system loss. Ideally, critical information should be kept on a separate device, and backups should be stored offline.
• Maintain updated anti-virus software.
• Make sure you have a strong anti-malware solution which is constantly updated with new signatures and new types of malware. It should be deployed on all workstations and laptops.
• Keep your operating system and software updated with the latest patches.
• Do not follow unsolicited links in email.
• Use caution when opening email attachments.
• Follow safe practices when browsing the web.

18/09/2017
06/09/2017

We have been following CodeFork, a group of global hackers spreading malware that is leveraged for a variety of nefarious purposes.

Using stealthy evasion techniques to go undetected by most malware protection solutions, this malware can spread spam and worms and now mines the Monero cryptocurrency. It is currently spreading among businesses in various geographical locations.

01/08/2017

How corruption is fraying South Africa’s social and economic fabric
July 12, 2017 4.19pm SAST

South Africans are not happy. According to the recent Bloomberg’s Misery Index, South Africa is the second-most miserable country on earth. Venezuela tops the list of emerging countries.

This isn’t too surprising considering that the country is embroiled in multifaceted crises. It also has among the highest unemployment and inequality levels in the world.
Unfortunately, recent credit rating agency downgrades, as well as the fact that the country is in recession, mean that these horrid conditions are unlikely to reverse soon.

Consequently, the poor in South Africa have little chance of improving their lives. They will, therefore, be even more reliant on the provision of state services. They will also increasingly be on the receiving end of the two extractive systems that are deeply embedded in the country’s socio-political and economic systems.

The first is the patronage and state capture machinery as recently documented in a report by leading academics. The effect of this corruption is that the capital allocated for service delivery is wasted, the private sector is crowded out, and the monopolising positions of dysfunctional state owned enterprises distort the economy.

The second is where state capture merges with patronage politics at local government level. This is accomplished by managing and staffing municipalities with unqualified party loyalists – or close associates – who disseminate services inefficiently from a shrinking pool of capital, while further extracting rents through a sub-layer of corruption.

The effect is that the poor must pay an additional tax in the form of bribes for access to mispriced and inefficient state services. In addition, as the looting via state capture and municipal corruption intensifies, service provision and delivery declines. This means that the poor are then subject to bribe inflation to gain access to shrinking capacity. Violent service delivery protests inevitably escalate.

Demographics and education

South Africa’s five year average economic growth rate declined from 4.8% over the 2004-2008 period to 1.9% over the 2009-2013 period. Between 2014 and 2016 it averaged 1.1%. At the same time irregular, wasteful, and unauthorised expenditure ballooned. It’s therefore not surprising that the number of violent protests increased from an average of 21 a year between 2004 and 2008 to 164 a year between 2014 and 2016.

Unfortunately, South Africa’s demographics and education statistics don’t suggest that this trend is likely to reverse soon.
South Africa’s youth statistics are depressing. Young people between the ages of 15 to 35 comprise 55% of the country’s 36 million working age population. Of the 19.7 million youths, only 6.2 million are employed while 3.6 million are unemployed but still actively looking for work, and 1.53 million have stopped looking for work. The remaining 8.4 million are at school, tertiary education, or are homemakers.

Youth unemployment is 36.9%. This is nearly double the unemployment rate among adults. Among black youth, 40% are unemployed compared to 11% of white youth.

Taking the level of education into consideration, 2011 data show that the unemployment rate for 25 to 35 year olds who had less than a matric was 47%, compared to 33% for those that had a matric, and 20% for those with a diploma or post-school certificate. But if one looks at the younger group of 20 to 24 year-olds, 16% are in school, 12% are in post-schooling education, 21% are employed, and 51% are unemployed and not in any education or training.

Considering that the percentage of black professional, managerial and technical workers in the 25 to 35 age bracket dropped by 2% over the past 20 years (meaning that this generation is less skilled than their parents), the statistics in the 20 to 24 age bracket indicate that this trend is likely to worsen.

Worryingly, studies show that countries, such as South Africa, that have a youth bulge and poor educational attainment are likely to suffer from political instability. This is because if the demographic transition occurs in a stagnant economy with a high level of corruption, then the low opportunity costs increase the likelihood of political violence by poorly educated young men.

Fixing systemic failures

South Africa’s current crisis is a systemic failure extending across national and local government. Although it’s possible that the political cost of corruption is now reaching unacceptable levels, reversing the effects of state decay on the poor will take short-run and long-run interventions.

Short-run measures will need to include holding public officials to account, reforming state owned enterprises and reversing the numerous institutional weaknesses at all levels of government.
But public and private stakeholders will also need to formulate long-run policies that will improve the quality and through-put of the country’s junior and secondary education systems, and entrench youth employment incentive schemes. In addition, skills training will need to be reformed and reinvigorated, and the technical vocational educational system will need to be reconstructed.

If South Africa is to recover, then the country’s badly frayed socio-economic fabric will need to be restitched, not just patched.

31/07/2017

Internal Vs. External Cyber Threats: What You Need To Know

With every good invention comes something bad. Shortly after the invention of the internet (a good thing!) came cyber threats (a bad thing!). The Morris worm of 1998 was one of the first recognised worms to affect an entire network of computers. It makes sense, therefore, that when companies began taking steps to secure their networks and information against cyber threats, the focus was naturally on external intruders.
Unfortunately, this is no longer our reality. We’re no longer only worried about threats from the outside world. With up to 55% of cyber threats now coming from internal sources, companies have to ensure they have considered the risks of both internal and external cyber threats.

The Difference Between An Internal And External Threat
The majority of external attacks happen in order to steal confidential information through the use of malware such as worms, Trojan horse viruses, phishing and the like. Some cybercrime groups such as Anonymous carry out attacks against governments and corporations for a variety of reasons, often to teach them a social or moral lesson. While your business might not be a target for Anonymous, it is still a target for other cyber intruders. The most common external attacks target customer data held by companies, as this personal information has a price tag on the dark web, and stealing data is an easy way to make a living.
An insider threat can be defined as ‘a current or former employee, contractor or another business partner with access to the organisation’s network, system or data and intentionally misuses them or whose access results in misuse’. Most internal cyber-attacks are after employee information, potentially for poaching or recruiting purposes. On the other hand, there are also cases of disgruntled employees with access to servers and confidential information that tend to target and steal intellectual property in order to carry out their personal vendetta.
Some internal threats lack intent: the employee acted in a way that accidentally compromised sensitive data. The effect is the same regardless.

How To Protect Your Company

The most important thing a company can do is have a cybersecurity strategy in place that works to address vulnerabilities and has clear steps to take in the event of being breached, either from an internal or external source. It is also important to remember that it is impossible to protect against the ever possible threat, but this shouldn’t stop you from trying. User awareness is key in preventing cyber-attacks. In order to better protect your company, you should:

• Educate yourself as to the various forms a cyber threat can take. From malware to a disgruntled employee, there are many ways your system and your business can be put at risk.
• Train your teams on the correct cybersecurity policies and procedures and ensure that these are adhered to.
• Establish seniority and access rights. Only give employees access to what is crucial for them to be able to carry out their job description.
• Make sure the basics are in place – antivirus programs, email security and an intelligent firewall. Secure your servers, your Wi-Fi and encrypt information shared over networks (this means no public Wi-Fi).
• Protect hardware as well as software and ensure all devices (both work and personal) are adequately password protected and remotely erasable.
• Regularly consult with cyber security professionals to ensure no vulnerability is overlooked.

17/07/2017

Cyber Threats - What are they and how you can try preventing them

Cyber threats are a risk for everyone and every business and the consequences that can arise as the result of a cyber-attack can be more serious than you might think. They come in many different forms under various disguises, looking for vulnerable targets to attack.
This is why cyber security professionals are constantly at war with those that attempt to breach the carefully-laid processes and systems designed to keep them locked out.

Cyber threats often occur in batch attacks that can simultaneously target each identified vulnerability within a company's network. The most common reasons for the occurrence of cyber-attacks are monetary gain, commercial espionage (stealing trade secrets) or to cause reputational damage to an individual or company. Whatever the reason, the outcome is the same: a cyber security breach.

19/11/2016

ERT THREAT - BlackNurse

What is BlackNurse?

BlackNurse is a non-volumetric, low-bandwidth Denial-of-Service attack that overloads firewalls and can potentially knock businesses offline. It can easily be launched from a single laptop.

How Does it Work?

Most ICMP attacks that we witness are based on ICMP Echo (Type 8 Code 0) and are called ping flood attacks. These attacks deny service through excessive bandwidth, filling up internet pipes.

The BlackNurse attack targets a vulnerability in some network and security devices, mainly firewalls. The attack can be triggered with a limited volume of 15-18 Mbps of ICMP Type 3 Code 3, or about 40k to 50k packets per second (PPS). The impact on these network and security devices is typically high CPU load, causing the devices to stop forwarding packets or creating new sessions.

When the attack stops, most devices will recover to normal condition.

Why is it Effective?

Typically, firewalls are set up to block a subset of ICMP. Most security best practices recommend blocking ping and traceroute: ICMP type 0 (echo reply), 8 (echo request) and 11 (time exceeded).

These are only 3 of the 16 ICMP types. Some other types, like 4 (source quench) and 3 (destination unreachable), are required to keep hosts operating properly on a network. One such example is Path MTU discovery, which requires the destination unreachable, don't fragment bit set message (type 3, code 4).

According to RFC 1812 - Requirements for IPv4 Routers, a router MUST be able to generate ICMP Destination Unreachable messages and SHOULD choose a response code that most closely matches the reason the message is being generated.
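Because Type 3 cannot simply be dropped without breaking Path MTU discovery, a practical defence is to watch the rate of Type 3 Code 3 specifically. The detector below is an added example (not from the original advisory) that runs over constructed per-second ICMP counter lines in an assumed log format; the alert thresholds sit below the 40k-50k pps / 15-18 Mbps figures quoted above so that a burst is flagged before a vulnerable firewall saturates.

```python
import re
from dataclasses import dataclass

# One record per (second, ICMP type/code), as an aggregation point might
# export it. Assumed format; constructed values, not from any real device.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+icmp\s+type=(?P<type>\d+)\s+code=(?P<code>\d+)\s+"
    r"packets=(?P<packets>\d+)\s+bytes=(?P<bytes>\d+)$"
)


@dataclass
class Alert:
    ts: str
    pps: int
    mbps: float


def parse_line(line):
    """Parse one aggregated counter line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return (m["ts"], int(m["type"]), int(m["code"]),
            int(m["packets"]), int(m["bytes"]))


def detect_blacknurse(lines, pps_threshold=20000, mbps_threshold=10.0):
    """Flag seconds where ICMP Type 3 Code 3 volume approaches BlackNurse levels.

    Only Type 3 Code 3 (port unreachable) is counted. Type 3 Code 4
    (fragmentation needed) must keep flowing for Path MTU discovery, so a
    blanket "block type 3" rule is not an option and is never suggested here.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed or non-ICMP line
        ts, icmp_type, icmp_code, packets, nbytes = rec
        if (icmp_type, icmp_code) != (3, 3):
            continue
        mbps = nbytes * 8 / 1_000_000
        if packets >= pps_threshold or mbps >= mbps_threshold:
            alerts.append(Alert(ts, packets, round(mbps, 2)))
    return alerts


# Constructed sample: per-second ICMP counters around a two-second burst.
SAMPLE_LOG = """\
2016-11-19T10:00:00 icmp type=8 code=0 packets=12 bytes=1008
2016-11-19T10:00:00 icmp type=3 code=4 packets=3 bytes=168
2016-11-19T10:00:00 icmp type=3 code=3 packets=40 bytes=1760
2016-11-19T10:00:01 icmp type=3 code=3 packets=45000 bytes=1980000
2016-11-19T10:00:02 icmp type=3 code=3 packets=48000 bytes=2112000
2016-11-19T10:00:03 icmp type=3 code=3 packets=25 bytes=1100
this line is malformed and must be skipped
"""


def sample_alerts():
    """Run the detector over the constructed sample log."""
    return detect_blacknurse(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in sample_alerts():
        print(f"{a.ts}: ICMP 3/3 burst, {a.pps} pps, {a.mbps} Mbps")
```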

02/11/2016

Understanding the Cybercrimes Bill

October 2016, Cyber Security

The aim of the Cybercrimes and Cybersecurity Bill (Cybercrimes Bill) is to stop cybercrime and to improve security for South African citizens. A draft of the Cybercrimes Bill was first released for public comment in August 2015 – submissions closed in December. The Bill is due to be presented to Parliament later this year.

Who is affected?

The Cybercrimes Bill affects everyone using a computer or the Internet, or anyone who owns an information infrastructure that could be declared critical. Among others, the following individuals and organisations should take note: ordinary South African citizens or employees using the Internet, network service providers, providers of software and hardware tools, financial services providers (the Bill includes prohibited financial transactions), representatives from government departments, those involved with IT regulatory compliance, as well as information security experts.

What are the offences and penalties?

The Cybercrimes Bill consolidates South Africa’s cybercrime laws, which makes successful prosecution of criminals more likely. Up until now, cyber offences were charged under various acts, among others the Prevention of Organised Crime Act, and the Electronic Communications and Transactions (ECT) Act of 2002. The ECT Act seemed to govern most online crime, but only included three cybercrime offences.

The Cybercrimes Bill defines over 50 new offences, and imposes penalties. Some of the offences detailed in the Cybercrimes Bill relate to the following:

• Accessing personal data or interception or interference of data.
• Use of hardware, software and computer systems to commit offences.
• Acquisition, possession and provision, or receipt or use of passwords, access codes or similar data or devices.
• Prohibited financial transactions.
• Dissemination of data or messages which advocate, promote or incite hate, discrimination or violence.
• Copyright infringement.
• Computer-related offences pertaining to terrorist activity such as espionage, unlawful access to restricted data, as well as extortion (which includes unlawful acts in respect of malware pirates, fraud and forgery).

Penalties on conviction are quite severe. Penalties include fines of R1 – R10 million and imprisonment of one to 10 years, depending on the severity of the offence. The nature of the crime determines the penalty.

The law also imposes obligations on electronic communications service providers, such as mobile networks, Internet service providers, and financial institutions, regarding aspects which may impact on cyber security. The Cybercrimes Bill is very specific in obligating these institutions to take steps in preventing cybercrime to protect consumers. It also imposes a fine of R10 000 a day on organisations that fail to comply with the stipulations in the Cybercrimes Bill.

Structures

The Cybercrimes Bill regulates the powers to investigate, as well as aspects of international cooperation. The Bill also provides for the establishment of a 24/7 point of contact and various structures to deal with cyber security.

Gear up for the final law

Incidents will happen, but it’s how an organisation responds that matters. Government is working on establishing a legal mechanism for anyone to defend themselves against cybercrime. However, organisations need to be more proactive in their security through the use of services such as incident response plans, real-time threat management, vulnerability management and managed security services.

The Cybercrimes Bill provides legal backing for anyone to defend themselves in law against cybercrime.

To read the Cybercrimes and Cybersecurity Bill, please go to: http://www.justice.gov.za/legislation/invitations/CyberCrimesBill2015.pdf

30/09/2016

A new clever scam has reared its ugly head.

The criminals will attend wedding parties or other public gatherings and then approach the master of ceremonies (MC) to make an announcement about a particular car with a certain registration blocking them or that its lights are on. When the owner goes out to move the vehicle or switch off the lights, the armed criminals will be waiting at the vehicle. The owner will obviously have the vehicle’s keys with him/ her, which the criminals can then take to steal the vehicle.
If your registration number is announced at an event, do the following:
• Take your time before going out.
• Do not go out alone; go out in the company of at least two or more people.
• Do not go directly to where the vehicle is parked. Confirm from a distance if you are really blocking another vehicle or whether your lights are on.
• Watch your surroundings carefully before approaching the vehicle.

05/04/2016

Just giving everyone fair warning . . . . . Almost all Facebook accounts are being hacked. The profile picture and your name are used to create a new face book account. And then they want your friends to add them, your friends think it's you. I want you to know I have NO plans to open a new account, so please do not agree to a 2nd invitation from me!! Copy this message on your wall so that all your friends will be warned!

Do not forward or press share.

14/02/2016

Hey! How’d They Get My Password?

You opened an e-mail attachment that you probably shouldn't have and now your computer has slowed to a crawl and other strange things are happening. Your bank called you saying there has been some strange activity on your account and your ISP has just "null routed" all traffic from your computer because they claim it is now part of a zombie botnet.

If your computer has been compromised and infected with a virus or other malware you need to take action to keep your files from being destroyed and also to prevent your computer from being used to attack other computers.

Here are the basic steps you need to perform to get back to normal after you've been hacked.

1. Isolate Your Computer
In order to cut the connection that the hacker is using to "pull the strings" on your computer, you need to isolate it so that it can't communicate on a network. Isolation will prevent it from being used to attack other computers as well as preventing the hacker from continuing to be able to obtain files and other information.

Pull the network cable out of your PC and turn off the Wi-Fi connection. If you have a laptop, there is often a switch to turn the Wi-Fi off. Don't rely on doing this through software, as the hacker's malware may tell you something is turned off when it is really still connected.

2. Shut down, remove the hard drive and connect it to another computer as a non-bootable drive
If your computer is compromised you need to shut it down to prevent further damage to your files. After you have powered it down, you will need to pull the hard drive out and connect it to another computer as a secondary non-bootable drive. Make sure the other computer has up-to-date anti-virus and anti-spyware. You should probably also download a free rootkit detection scanner from a reputable source like Sophos.
To make things a little easier, consider purchasing a USB drive caddy to put your hard drive in to make it easier to connect to another PC. If you don't use a USB caddy and opt to connect the drive internally instead, make sure the dip switches on the back of your drive are set as a secondary "slave" drive.

If it is set to "master" it may try to boot the other PC to your operating system and all hell could break loose again.
If you don't feel comfortable removing a hard drive yourself or you don't have a spare computer then you may want to take your computer to a reputable local PC repair shop.

3. Scan your drive for infection and malware
Use the other host PC's anti-virus, anti-spyware, and anti-rootkit scanners to ensure detection and removal of any infection from the file system on your hard drive.

4. Backup your important files from the previously infected drive
You'll want to get all your personal data off of the previously infected drive. Copy your photos, documents, media, and other personal files to DVD, CD, or another clean hard drive.

5. Move your drive back to your PC
Once you have verified that your file backup has succeeded, you can move the drive back to your old PC and prepare for the next part of the recovery process. Set your drive's dip switches back to "Master" as well.

6. Completely wipe your old hard drive (repartition, and format)
Even if virus and spyware scanning reveals that the threat is gone, you should still not trust that your PC is malware free. The only way to ensure that the drive is completely clean is to use a hard drive wipe utility to completely blank the drive and then reload your operating system from trusted media.

After you have backed up all your data and put the hard drive back in your computer, use a secure disk erase utility to completely wipe the drive. There are many free and commercial disk erase utilities available. The disk wipe utilities may take several hours to completely wipe a drive because they overwrite every sector of the hard drive, even the empty ones, and they often make several passes to ensure they didn't miss anything. It may seem time-consuming, but it ensures that no stone is left unturned and it's the only way to be sure that you have eliminated the threat.

7. Reload the operating system from trusted media and install updates
Use your original OS disks that you purchased or that came with your computer; do not use any that were copied from somewhere else or are of unknown origin. Using trusted media helps to ensure that a virus present on tainted operating system disks doesn't reinfect your PC.
Make sure to download all updates and patches for your operating system before installing anything else.

8. Reinstall anti-virus, anti-spyware, and other security software prior to any other programs
Before loading any other applications, you should load and patch all your security-related software. You need to ensure your anti-virus software is up-to-date prior to loading other applications, in case those apps are harboring malware that might go undetected if your virus signatures aren't current.

9. Scan your data backup disks for viruses before you copy them back to your computer
Even though you are fairly certain that everything is clean, always scan your data files prior to reintroducing them back into your system.

10. Make a complete backup of your system
Once everything is in pristine condition you should do a complete backup so that if this ever happens again you won't spend as much time reloading your system. Using a backup tool that creates a bootable hard drive image as a backup will help speed up future recoveries immensely.
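Steps 4, 5 and 9 above (rescue only personal data from the mounted infected drive, verify the copy succeeded, and screen the rescued files before restoring them) can be made systematic with a small script. The following is an added illustration, not part of the original article; the file suffix list and the "known-bad" hash set are constructed stand-ins, the latter standing in for the anti-virus scan the article tells you to run.

```python
"""Rescue personal files from a mounted (non-booted) infected drive, verify
the copy with a SHA-256 manifest, and screen it before restoring.
Added example; the known-bad hash list is constructed, not a real signature set."""
import hashlib
import shutil
from pathlib import Path

# Step 4: only user data is rescued; programs are reinstalled from trusted media (step 7).
DATA_SUFFIXES = {".jpg", ".png", ".docx", ".pdf", ".txt", ".mp3", ".mp4"}
# Constructed stand-in for the step 9 scan: hashes of files known to be malicious.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"EVIL-SAMPLE").hexdigest()}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def rescue_files(src: Path, dst: Path) -> dict:
    """Copy data files (never executables) and write a hash manifest beside them."""
    manifest = {}
    for p in src.rglob("*"):
        if p.is_file() and p.suffix.lower() in DATA_SUFFIXES:
            rel = p.relative_to(src)
            target = dst / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, target)
            manifest[str(rel)] = sha256_of(p)  # hash the SOURCE so verify catches copy errors
    (dst / "MANIFEST.sha256").write_text(
        "".join(f"{h}  {name}\n" for name, h in sorted(manifest.items())))
    return manifest


def verify_backup(dst: Path) -> list:
    """Step 5: re-hash every rescued file; returns names that are missing or differ."""
    bad = []
    for line in (dst / "MANIFEST.sha256").read_text().splitlines():
        expected, name = line.split("  ", 1)
        target = dst / name
        if not target.is_file() or sha256_of(target) != expected:
            bad.append(name)
    return bad


def screen_backup(dst: Path, bad_hashes=KNOWN_BAD_SHA256) -> list:
    """Step 9: rescued files matching a known-bad hash; restore only if this is empty."""
    return sorted(str(p.relative_to(dst)) for p in dst.rglob("*")
                  if p.is_file() and p.name != "MANIFEST.sha256" and sha256_of(p) in bad_hashes)
```

Run `rescue_files` with the infected drive mounted read-only on the clean host, then `verify_backup` before the drive goes back (step 5) and `screen_backup` again on the backup before anything is copied onto the rebuilt system (step 9).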

Botnet – A Definition of Botnet

Definition: Botnets are groups of computers connected to the Internet that have been taken over by a hacker. The hacker controls all the computers and they behave like a “robot network” (a.k.a. "botnet"). Botnets contain anywhere from hundreds to thousands of computers. The botmaster (the hacker who controls the botnet) then uses these computers to send spam email, spread viruses, attack other networks, or carry out any other variety of malicious activity. If your computer is hacked and becomes part of a botnet you may not even know it.

Also Known As: Bots, zombies, zombie army

Address

Cape Town
