158 Chapter 4 · Big Bad Botnets T IP Rbot (like many of the other bot programs, as well as other malware) often attempts to connect to network shares and other resources, using the creden- tials and access rights of the currently logged in user. You should use a login with restricted or limited access for day-to-day tasks, and only log in with full administrative privileges when it is necessary. This will limit the ability of malware to exploit the privileges of the logged in user to spread itself. Agobot (Gaobot) and Phatbot Agobot uses an innovative modular design and additional functionality; that is, infection is phased over three stages rather than delivered in one go by a single module. Stage one is the delivery of the first module, containing the IRC bot client and the RAT. Stage two is the shutdown of anti-virus processes. Stage three is to block access to a range of Web sites, most of them belonging to security vendors.