Zombie Computers and Botnets

If you've ever wondered who is sitting around sending out all those spam emails, the answer may be you. A recent New York Times article estimates that as much as 80 percent of spam messages are sent out by the computers of ordinary individuals who have no idea their computers have been converted into 'zombies'. A 'zombie' computer is simply a computer infected with malware that causes it to act as a tool of a spammer by silently sending out thousands of emails from the owner's email address.

Infected 'zombie' computers, are organized by spammers into small groups called 'botnets'. These 'botnets' then send out spam that may include phishing attempts, viruses and worms. Unfortunately for network managers and business owners, the 'zombie' malware threat is expected to continue to grow both in number and variety over the next few years. Currently, 'zombies' are used to send out the following types of malware:Spamming and phishing attacks.

This classic form of 'Zombie' computers is still the most common. Using a hidden program, zombie computers emulate human clicking on ads at a website or weblog. While Google said in Dec 2006 that click fraud for their AdSense contextual ad network is less than 2 percent, some advertisers have much higher estimates. Whatever the actual figure, creating click fraud zombies is currently a multi-million dollar industry, so do not expect it to stop soon.

DoS attacks:- Your company may have malicious competitors, or spiteful former employees who will stoop to any level to bring your company down. In this instance, your enemy might launch a Denial-of-Service attack (DoS) which is an attack designed to make the hosted pages of a website or network become unavailable to customers or employees. For instance, a spiteful former employee may launch a Dos attack on your biggest selling day of the year. Consequently, your company will lose all the business it might have had that day as customers are unable to access your Web site.

Pump and dump stock schemes:- In this scheme, spammers buy up a large block of a penny stock (especially sub-$1 per share), then use their 'Zombies' to spam millions of people with emails about the stock in the hopes that a few fools will take the bait and buy a few thousand shares, thus raising the price. After the price spike, the spammer then sells off his holdings and makes a quick buck.

Prevention
Because ‘botnets’ typically work silently on ‘zombie’ computers and are often enabled by the secret installation of Trojan horses, it is very difficult to tell whether a computer has been infected. Preventing ‘botnets’ from turning your network computers into 'zombies' requires that you educate your employees to keep all forms of security software up to date, and to run a virus scan regularly, preferably nightly. In addition to nightly scanning, train your employees to look for sudden unusual behavior of your computer(s), such as persistent slowdowns, crashing, as a sign that they may be infected. If, despite your best efforts, a network computer becomes infected, treatment can vary wildly, from a simple scanning for and deleting the botnet, to a reformatting of the computer's hard drive.