United Communications Association
Internet Connections:

Zombies and Botnets

Could a hacker run your computer remotely?

No, we’re not talking about the walking dead in low-budget horror movies. We’re talking about zombie computers (often shortened to zombies), which are computers attached to the Internet that have been compromised by a computer virus or Trojan horse. Since most owners of zombie computers are unaware that their system is being used in this way, these computers are metaphorically compared to zombies. Creating zombies out of home computers has become a popular tool used by hackers, unscrupulous marketers, and others with malicious intent.

How do computers become zombies? Viruses are used to penetrate the computer of an unsuspecting victim. The virus can be from an e-mail attachment or it can be downloaded with another program. Zombies are often created from a type of virus called a Trojan horse. Like the wooden horse that the Trojans believed to be a gift but later found filled with Greek soldiers, this type of virus invisibly piggybacks on another program or virus. Once the Trojan is in your computer, the person who sent it can access your data and programs as well as give your computer instructions to perform illegal tasks. Your computer, like a zombie, simply follows the instructions it’s given.

Generally, a zombie is only one of many computers in a botnet. The term botnet refers to a collection of compromised computers running programs automatically under remote direction. Botnets are highly valued by online criminals for a number of reasons. They allow spammers to more easily avoid detection, expand their operations by infecting new computers, and reduce bandwidth costs since zombie owners pay for their own Internet access.

Zombies and the botnets they form have become a widespread problem on the Internet. Computer security experts estimate that between 50 and 80 percent of all spam is now relayed by zombies in people’s homes and offices without their knowledge. Here’s a case in point: In June 2007, Robert Alan Soloway, described as one of the world's most prolific spammers, was arrested and accused of using networks of zombies to send out tens of millions of spam messages. Following the arrest, federal authorities said computer users actually noticed a decrease in the amount of junk e-mail. Soloway is presently in prison awaiting sentencing this summer.

7 Warning Signs of a Zombie

How do you know if your computer has been turned into a zombie? It can sometimes be difficult to recognize the presence of this cleverly hidden software, but watch for these seven warning signs that your computer may be infected:

1. Your computer slows down and seems sluggish.
2. You receive mysterious messages such as e-mails accusing you of sending spam.
3. You find e-mail messages in your outbox that you didn’t send.
4. You get excessive bounce notifications from people you never tried to e-mail.
5. Your computer uses more power than it has in the past to run the programs you use.
6. The mouse or keyboard becomes unresponsive.
7. Your computer seems to be accessing the hard drive constantly.

All of these warning signs can also be symptoms of other computer problems, so they don’t automatically mean that your computer is a zombie. But if you notice any of them, you should take action. One place to start is to get a free virus scan with the Windows Live OneCare safety scanner available at http://onecare.live.com/sc.

If Your Computer is Infected …

Should your computer show symptoms of virus infection, first make sure that the software on your computer is up to date. If you currently use antivirus software, visit the manufacturer's website, update your software, and then perform a thorough scan of your computer. If you don't use antivirus software, check with your Internet Service Provider for its recommendations on software solutions.

The final step for PC users is to run the Microsoft Malicious Software Removal Tool. The Malicious Software Removal Tool checks computers running Windows Vista, Windows XP, Windows 2000, and Windows Server 2003 for infections by specific, prevalent malicious software and helps remove any infection found.

Help Keep Your Computer from Becoming a Zombie

According to the Federal Trade Commission (FTC), spammers can get into your computer in several ways, depending on what kind of Internet connection you have. All computers connected to the Internet are potential targets, but those with broadband (DSL or cable modem) connections are especially attractive to spammers because they are “always on.”

To minimize the chances of your computer becoming a zombie, it’s imperative to maintain a strong line of defense by following these tips:

• Never open an attachment in an e-mail or instant message unless you know exactly what the attachment is, even if it's from someone that you know. Attachments can contain e-mail viruses.
• Delete spam without opening it.
• Use an Internet firewall.
• Keep your operating system and Web browser current.
• Subscribe to antivirus software and antispyware software, and keep them current. Some zombie software can hide itself from virus and malware scanners by installing a rootkit (a collection of hacking tools used to establish hidden control in a remote computer). For this reason, you may also want to get free rootkit-revealing software such as Sophos Anti-Rootkit and Sysinternals' RootkitRevealer.
• Use licensed software products. Unlicensed software can be more susceptible to viruses, and can even come with viruses already installed without your knowledge. Don’t allow untrusted websites to install software.
• Back up your system each week after a clean scan.

Botnets are Busy

Botnets, which can include as many as 100,000 individual zombies, carry out a variety of malicious activities. They can:

• Distribute spam
• Spread viruses
• Attack other computers and servers
• Perpetrate phishing scams
• Commit click fraud against sites displaying pay-per-click advertising
• Copy, infect, corrupt, or even erase the hard drive
• Install keystroke loggers to collect each keystroke a user types on a computer
• Gather information to commit identity theft
• Grow larger botnets by infecting new computers