Zombie computer

From Wikipedia, the free encyclopedia

A zombie computer (often shortened as zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.

Figure legend: (1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers.[1] This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth.

For similar reasons zombies are also used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites.

Zombies have also conducted distributed denial of service attacks, such as the attack upon the SPEWS service in 2003 and the one against the Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by a Canadian teenager. An attack on grc.com is discussed at length, and the perpetrator, a 13-year-old probably from Kenosha, Wisconsin, is identified on the Gibson Research Web site. Steve Gibson disassembled a 'bot' which was a zombie used in the attack, and traced it to its distributor. In his clearly written account of his research, he describes the operation of the IRC channel used to control the 'bot'.[2]

Network intrusion-prevention systems (NIPS) are purpose-built hardware/software platforms designed to analyze, detect, and report on security-related events. NIPS inspect traffic and, based on their configuration or security policy, can drop malicious traffic; an ASIC-based intrusion-prevention system (IPS) could detect and block denial of service attacks, since it has the processing power and the granularity to analyze the attacks and act like a circuit breaker in an automated way.[3]
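As an added example, not taken from the article or from any named product, the following Python sketch shows two defensive ideas from this section side by side over constructed egress flow records: flagging a likely spam zombie by the number of distinct mail servers it contacts directly, and a per-source circuit breaker that drops further traffic once a rate threshold is crossed, as an inline IPS policy would. The flow format, thresholds and addresses are assumptions chosen for the example.

```python
from collections import defaultdict

# Constructed sample egress flow lines, "epoch,src_ip,dst_ip,dst_port" (RFC 5737 addresses).
# 192.0.2.10 relays through its one mail server; 192.0.2.77 (hypothetical zombie) opens SMTP to many MX hosts.
SAMPLE_FLOWS = """\
1700000000,192.0.2.10,198.51.100.5,25
1700000005,192.0.2.10,198.51.100.5,25
1700000010,192.0.2.77,203.0.113.1,25
1700000011,192.0.2.77,203.0.113.2,25
1700000012,192.0.2.77,203.0.113.3,25
1700000013,192.0.2.77,203.0.113.4,25
1700000014,192.0.2.77,203.0.113.5,25
1700000015,192.0.2.77,203.0.113.6,25""".splitlines()

def parse_flow(line):
    ts, src, dst, port = line.strip().split(",")
    return int(ts), src, dst, int(port)

def find_spam_zombies(lines, window=60, max_mx_peers=5):
    """Sources contacting > max_mx_peers distinct port-25 hosts within `window` seconds."""
    smtp = defaultdict(list)                      # src -> [(ts, dst), ...]
    for ts, src, dst, port in map(parse_flow, lines):
        if port == 25:
            smtp[src].append((ts, dst))
    flagged = {}                                  # src -> peak distinct SMTP peers seen
    for src, events in smtp.items():
        events.sort()
        for i, (t0, _) in enumerate(events):      # window starting at each event
            peers = {d for t, d in events[i:] if t - t0 <= window}
            if len(peers) > max_mx_peers:
                flagged[src] = max(flagged.get(src, 0), len(peers))
    return flagged

class CircuitBreaker:
    """Inline per-source breaker: more than `limit` new connections inside
    `window` seconds trips the source, and every later flow from it is dropped."""
    def __init__(self, limit=5, window=60):
        self.limit, self.window = limit, window
        self.seen, self.tripped = defaultdict(list), set()

    def decide(self, ts, src):
        if src in self.tripped:                   # stays open until an operator resets it
            return "drop"
        recent = [t for t in self.seen[src] if ts - t <= self.window] + [ts]
        self.seen[src] = recent
        if len(recent) > self.limit:
            self.tripped.add(src)
            return "drop"
        return "pass"
```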
