It seems that people love zombies these days. We can't seem to get enough of them. We have zombie movies, TV shows, comics and novels. They are such a hot topic that the Center for Disease Control (CDC) in Atlanta and the Department of Homeland Security have both published guides on how to prepare for a "Zombie Apocalypse"!
All in good fun! What's NOT fun is to have a zombie computer.
As we all know, a "real" zombie shuffles along without appearing to be aware of what has happened to them and what is going on around them. With a zombie computer, it is the user of the computer that is unaware of what is happening.
Guess what? Your computer could be a zombie right now!
Does your computer run slow even when you're not using multiple applications? Are you denied access to web sites that offer antivirus or firewall programs? Your computer might be a zombie!
A zombie is a computer controlled by a hacker. It can be used to perform malicious and even criminal tasks. Hackers commonly use a Trojan horse virus to "zombify" a computer. A Trojan horse is a malware program that pretends to be something benign to trick a user into running it.
For example, a user may download a Trojan from an email, web forum or web site thinking it is just a video game. The program might actually run as a video game that the user enjoys and, unwittingly, forwards to someone else.
Unfortunately, the program is not just a video game. It proceeds to engage in nefarious activities that can include controlling the computer and enlisting it into a network of computers called a botnet.
The internet, which is now the universal standard for networking and communication, is based on published standards and open technologies. Today, billions of computers are using the exact same technology to connect with other computers and communicate. This is technology that is free, widely available and whose inner workings are in the public domain.
That makes the lives of hackers much easier than if we were still using a hodge-podge of proprietary and licensed technologies. Vulnerability is a price we pay for standardization.
Hacked computers can be commanded using internet communication protocols such as IRC and HTTP. IRC is used by Instant Messaging and Chat applications while HTTP is used by web servers to send you web pages.
Networks of zombie computers are used to generate e-mail spam and launch Distributed Denial of Service (DDoS) attacks. You have almost certainly seen those emails. They are to email marketing what snake oil was to 19th century hucksters. They promise a cure for everything that ails you, from male pattern baldness to erectile dysfunction. Be careful, though. A fool and their credit card number are soon parted and the consequences can be severe. And you will still be bald and lonely!
To understand a DDoS attack, think about those zombie movies. There is always a scene where the survivors are hiding in a house surrounded by a horde of undead trying to get in, banging on the door and trying to break in through the windows. They may be able to hold out, but there is no way for anyone else to get in to help or for them to get out. They are locked down!
A DDoS attack floods a web site with a horde of messages, so many that other messages can't get to the target and the target can't send messages out. It gets locked down!
Some of the most prominent internet companies, including Yahoo and eBay, have been DDoS victims. The government of South Korea and US Government Agencies such as the CIA are also on the list of victims.
Zombie computers are also used for crimes with a financial motive such as click-fraud. For example, an online advertiser pays an associate a small commission each time an advertising banner is clicked on. A zombie network can be used to run scripts that make it appear that a user from each computer has clicked on the ad one or more times, generating undeserved commission.
A variant of this fraud was portrayed on the popular TV show "Breaking Bad". Money was laundered through a web site set up to raise funds to pay for medical care for the show's main character Walter White. Mr. White is a cancer victim who was actually financing his treatments by producing and selling crystal meth. Unbeknownst to the site creator, Walt Jr., the donations were coming from a global network of zombie computers set up to funnel his ill-gotten gains into an otherwise legitimate charity!
Sadly, this is more fact than fiction. And no small matter. The largest botnet discovered to date was the Bredo Lab or Ocasia botnet with over 30 million zombie computers networked. At its peak, it was generating an estimated 3.2 billion spam emails per day.
Ok, so now you understand the problem. How do you know if your computer is a zombie?
Here are 7 tell-tale signs that your computer might just be a zombie:
Your computer slows down for no apparent reason. You expect your computer to run slow when you have many applications open, but if it is slow even with one app open you should look for a problem.
Your current antivirus software becomes disabled. Zombie programs can have a self-preservation instinct and may disable your existing antivirus software, hampering your ability to resolve the problem.
You are blocked from accessing web sites where you can download antivirus software. This is bad. Not only may the zombie disable the antivirus systems you have installed but it will proactively attempt to block you from downloading new antivirus software.
Your emails are bounced back to you as blocked. The activity of a zombie computer can cause it to get blacklisted by email servers. If you are getting your emails returned then you may be on the blacklist.
Your computer has visited places you haven't. If you have firewall software, you can check to see where outgoing messages have been sent. If you don't recognize many of the sites, you could have a zombie on your hands.
Your computer is taking longer to start up and shut down. A zombie process may consume a lot of system resources when starting and shutting down.
Loss of hard disk space for no apparent reason. A zombie process may generate a lot of data and save a lot of messages. If you are suddenly short of space on your hard drive, you could have a zombie.
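To make the "places you haven't visited" check concrete, here is an added example (not part of the original article) that reads outbound firewall log lines, drops the destinations you recognize, and lists what is left, marking traffic on IRC ports since IRC is one of the command channels mentioned earlier. The log layout, program names, hosts and the known-sites list are all constructed for illustration.

```python
from collections import Counter

# Constructed sample log; the "time process destination port" layout is an
# assumption, so adapt parse_line() to whatever your firewall exports.
SAMPLE_LOG = """\
2024-05-01T09:00:01 browser.exe www.example.com 443
2024-05-01T09:00:05 mailclient.exe mail.example.com 993
2024-05-01T09:01:00 freegame.exe chat.unrecognized.example 6667
2024-05-01T09:02:00 freegame.exe chat.unrecognized.example 6667
2024-05-01T09:03:00 freegame.exe chat.unrecognized.example 6667
2024-05-01T09:03:30 browser.exe news.example.org 443
this line is damaged and gets skipped
"""

# Sites you know you use (constructed for this example).
KNOWN_DESTINATIONS = {"www.example.com", "mail.example.com", "news.example.org"}
IRC_PORTS = {6667, 6697}  # usual IRC ports (plain and TLS)


def parse_line(line):
    """Return a record for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return None
    when, process, dest, port = parts
    return {"time": when, "process": process, "dest": dest.lower(), "port": int(port)}


def review_outbound(log_text, known):
    """Count connections to destinations that are not on the known list."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["dest"] in known:
            continue
        counts[(rec["process"], rec["dest"], rec["port"])] += 1
    # Most frequent first: a program phoning the same stranger repeatedly stands out.
    return [
        {"process": p, "dest": d, "port": port, "count": n, "irc": port in IRC_PORTS}
        for (p, d, port), n in counts.most_common()
    ]


if __name__ == "__main__":
    for finding in review_outbound(SAMPLE_LOG, KNOWN_DESTINATIONS):
        print(finding)
```

An unrecognized destination is a prompt to investigate the program that made the connection, not proof of infection by itself.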
If your computer does turn out to be "zombified", what can you do about it?
If you have a restore point you could try restoring the computer to a point before the infection. That might or might not work. It might only cause the infection to go dormant, only to re-awake later.
You can always "nuke" your machine, that is, reformat the hard drive and reload everything from scratch starting with the operating system. That'll work, but "Oh the humanity!". It's time-consuming, requires that you have original installations of all your required applications, and if you restore backed-up data files you might just re-introduce the infection by accident.
The best answer is to find an antivirus system that can cure the infection and prevent it from happening again. Clearly, it is not the software that you've been using!
The problem with most antivirus systems is that they only address viruses and exploits that have been identified and added to a "blacklist" of known viruses. When a new villain is unleashed on the world, they will eventually update their blacklist for this specific issue. If you get the latest update you will be ok, but only until the next exploit or virus is unleashed on the world.
Every day, an estimated 50,000 new viruses are unleashed!
You see, you are always running to stay ahead of the latest villain on the loose! There will always be windows of opportunity for the villain to get to you and, perhaps, turn your system into a zombie.
In my opinion, the best antivirus software and firewalls use a "whitelist" system and sandbox technology. The way this works is the scanner only permits software to operate within your system if it is on a list of valid programs. If it suspects that any software has a problem, it will allow the program to run in an isolated system area called a sandbox. Based on its behavior in the sandbox, the AV software will determine if it is OK or should be deleted.
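The difference between the two approaches shows up when a brand-new program arrives. The following is an added example, not code from any antivirus product: the "programs" are constructed byte strings, the lists are keyed by SHA-256 hash, and the sandbox is a stand-in that judges a list of behaviours it is told were observed (the behaviour names are hypothetical, taken from the zombie activities described above).

```python
import hashlib


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed byte strings standing in for program files.
TRUSTED_APP = b"constructed: trusted word processor"
OLD_TROJAN = b"constructed: trojan already catalogued by the vendor"
NEW_TROJAN = b"constructed: brand-new trojan posing as a video game"
NEW_GAME = b"constructed: brand-new harmless video game"

BLACKLIST = {sha256(OLD_TROJAN)}   # known-bad programs
WHITELIST = {sha256(TRUSTED_APP)}  # known-good programs

# Hypothetical behaviour labels a sandbox might report.
SUSPICIOUS = {"disable_antivirus", "open_irc_connection", "send_bulk_email"}


def blacklist_decision(data):
    """Default allow: anything not yet catalogued as bad is free to run."""
    return "block" if sha256(data) in BLACKLIST else "run"


def sandbox_verdict(observed_actions):
    """Stand-in for sandbox analysis: judge behaviour seen in isolation."""
    return "delete" if SUSPICIOUS & set(observed_actions) else "allow"


def whitelist_decision(data, observed_actions):
    """Default deny: only listed programs run directly; the rest are sandboxed."""
    if sha256(data) in WHITELIST:
        return "run"
    return "sandbox:" + sandbox_verdict(observed_actions)


if __name__ == "__main__":
    # The new trojan is on no list yet, so the blacklist lets it through.
    print("blacklist, new trojan:", blacklist_decision(NEW_TROJAN))
    print("whitelist, new trojan:",
          whitelist_decision(NEW_TROJAN, ["draw_graphics", "open_irc_connection"]))
    print("whitelist, new game:  ", whitelist_decision(NEW_GAME, ["draw_graphics"]))
```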
Of course, it is even more important to be protected if you are operating a commercial web site. You don't want to be spreading viruses to your customers! In addition to antivirus and firewall protection, be sure to use the Secure Sockets Layer (SSL) and SSL Certificates.
SSL creates a secure connection between the browser and the web server, encrypting data transferred. An SSL Certificate provides additional security for the user by authenticating the web site, giving users confidence that they can provide personal information safely.
The really scary thing about this is that becoming a zombie computer is only one of many threats that you have to deal with if you are connected to the internet.
Every internet user should have the best antivirus and firewall protection they can find. Every website that exchanges personal information should have the best SSL Certificate protections available. If you have multiple subdomains you can protect all of them with a single wildcard SSL.