Even the word—zombie–is scary. The most familiar meaning of the word “zombie,” made popular by Hollywood, is a corpse that has come back to life. But another dictionary definition is “one who looks or behaves like an automaton.” That’s the one that applies to computers.
A zombie is a computer that has been taken over by someone over the Internet. It works like a robot on behalf of this person. The phenomenon is as interesting as it is frightening.
Another term used in connection with zombies is “botnet,” which refers to a network of zombie computers that have been taken over. “Botnet,” or network of robots, can also refer to a network of computers doing automated tasks for beneficial purposes.
One such beneficial purpose is providing the support for Internet Relay Chat, which is a protocol for chatting over the Internet. But it’s the nefarious purposes that are the more interesting.
The most common nefarious purpose when taking over another PC is to send out spam on behalf of a scammer. The scammer prefers to use your machine to do his dastardly deeds to prevent himself or herself from getting caught.
The spam typically directs recipients to a “phishing” Web site, which mimics a legitimate credit card site, bank site, Internet auction site, Internet payment site, or other business site with the intention of tricking you into providing your personal information. Using personal information such as your credit card number or Social Security number, the scammer makes purchases in your name, empties your bank account, or otherwise steals your identity.
Another nefarious purpose that botnets are put to is serving unwanted pop-up ads and other advertising on PCs and charging clients each time an ad is clicked on. Yet another is to use others’ PCs to launch “denial-of-service” attacks on big companies or government agencies, shutting down their computer networks. Maybe the scariest purpose of all is using your PC as a zombie to turn other PCs into zombies too, with all of them then used to aid the scammer in his or her criminal enterprise.
The types of attacks have changed over the past 2 years, said Brian Trombley, McAfee’s product manager for consumer security products, in a phone interview. McAfee (www.mcafee.com) is one of the major and most reliable vendors of Internet security products, with other major vendors including Symantec (www.symantec.com), Trend Micro (www.trendmicro.com), and Microsoft (www.microsoft.com).
In the past, a typical hacker trying to attack or take over your PC was a teenage prankster, who tried to infect other computers with viruses, trojans, worms, and other malicious software or “malware” in order to gain a warped kind of prestige among fellow pranksters. Today, said Trombley, the attacks are more sophisticated and are designed for financial gain—and your financial loss.
From the research McAfee has done, Trombley believes that organized crime organizations in this country and abroad are behind most of the efforts. Some people have speculated that among these crime organizations are terrorist groups looking to take advantage of vulnerable Westerners to help finance their terrorist activities. Even though as yet there’s no proof of this, logic supports these fears. Scary, indeed.
At the World Economic Forum in January 2007, Vint Cerf, one of the fathers of the Internet, estimated that as many as a quarter of all computers connected to the Internet may surreptitiously be part of a botnet used by criminals. Highly publicized botnets include 10,000 zombie PCs controlled by a server in Norway in 2004 and 1.5 million zombie PCs engineered by a Dutch man in 2005.
All is not doom and gloom. For individual PC users, there are preventive measures to help ensure that your PC doesn’t become a zombie:
1. Keep your operating system up-to-date. If you’re running Windows, configure Windows Update to install security patches automatically.
2. Keep your other programs up-to-date as well, installing updates as they become available.
3. Use an Internet security suite such as McAfee Internet Security Suite, Symantec’s Norton Internet Security, or Trend Micro Internet Security, and keep it up-to-date as well.
McAfee Internet Security Suite comes bundled for free with some Internet service providers (ISPs), such as Comcast and MSN, and it includes the most important, but not all, of the protections in the full version. If you have a subscription with such an ISP and you want to use the free security protection, you have to install it from the ISP’s Web site.
Reid Goldsborough is a syndicated columnist and author of the book Straight Talk About the Information Superhighway. He can be reached at firstname.lastname@example.org or http://www.reidgoldsborough.com.