Computer zombies are out to get you. That may sound like a tagline from a bad B movie, but there's truth behind it.
A "zombie" in the computer lexicon is a computer that has been taken over by a piece of malicious software planted by a hacker typically for the purpose of secretly sending out unauthorized mass email, or spam. That computer could be yours, and you could be totally in the dark about it.
According to a recently released study by computer security software company McAfee, cybercriminals are having increasing success in commandeering the computers of others through the internet in this way. McAfee has a vested interest in sounding the alarm. By doing so, it stands to sell more software. But it's a company that has been around since 1987 and has a good reputation.
In the U.S., fully 18% of personal computers have become zombies, nearly a 50% increase from the previous quarter, according to "McAfee Threats Report: First Quarter 2009" (http://img.en25.com/Web/McAfee/5395rpt_avert_quarterly-threat_0409_v3.pdf).
If your computer is turned into a zombie, it becomes part of a "botnet," or robot network. This also sounds like science fiction, but it's frighteningly real. Botnets can consist of thousands of commandeered computers all working behind the scenes to carry out the objectives of the person or persons behind them.
One botnet facilitator, a web-hosting company in San Jose, Calif., was taken down in November 2008-but only after reportedly being responsible for billions of spam emails a day.
Botnets aren't all set up for nefarious purposes. But those consisting of zombies are. Along with spam, zombie computers may be used for other purposes as well.
Zombies can launch "distributed denial-of-service" attacks, where a large number of computers are directed to access a single website simultaneously, overloading it and preventing legitimate users from accessing it. Zombies can also launch "distributed degradation-of-service" attacks, which are less intense than denial-of-service attacks. These attacks require more-frequent flooding of a website in order to slow it down and compromise its usability.
Another purpose carried out by zombies is connecting en masse to websites that carry pay-per-click advertising. Here, the false connections don't bring or slow the site down but, instead, artificially boost "click-throughs" on its ads, thereby committing "click fraud."
Spam remains, however, the most common reason that zombie networks are set up. Among the most common items advertised by spam, according to the McAfee report, are counterfeit prescription drugs, bogus male enhancement products, and counterfeit watches. The connection is clear.
Another big part of the spam problem are "phishing" emails, which are attempts at tricking you into revealing your credit card, banking, Social Security, or other personal information so the criminal or criminals behind the emails can steal your identity.
Welcome to the computer age.
Though criminal activity involving computers may be increasing, it has been around since before the personal computer revolution began in the late 1970s and early 1980s. There's no cause for panic. There is cause for prudence.
To protect yourself, use a firewall program designed to block incoming and outgoing traffic. The firewall software that comes with Microsoft Windows and the Mac OS provide basic protection. But as with most such bundled utilities, you can do better with a third-party program.
McAfee (www.mcafee.com) and Symantec (www.symantec.com) provide robust firewalls, sold separately or packaged in their security suites. ZoneAlarm (www.zonealarm.com), which is available in free and pay versions, is another well-regarded firewall. Whatever you use, make sure you keep it up-to-date.
One new program designed specifically for detecting zombie attacks that's getting good press is RUBotted (www.trendsecure.com/portal/en-US/tools/security_tools/rubotted). It's a free offering from Trend Micro that's still in beta, or test mode. But it appears to be stable.
You should also use antivirus and anti-spyware software, and you should also keep these programs up-to-date. Keep your computer's operating system, web browser, and other software up-to-date as well with security and other patches.
Be careful with file attachments that come with email messages, particularly if they're from unknown sources. Even if you know the source, if you're not expecting the attachment, it's safest to send a quick email asking if that person was the one who actually sent it.
Finally, be careful with downloaded games and other software. Only download files from reputable websites.
If your computer does become a zombie, you won't necessarily lose data. But your computer will slow down, as will your access to the internet-not to mention the bad things you'll be helping the bad guys get away with.
Reid Goldsborough is a freelance writer based in Pennsylvania.