Proactive IT Security
 

A world populated by zombies

2005-11-15 [Spreading mechanisms]

16 November 2005

Threats against the IT community are no longer dominated by viruses, worms and trojans. Other kinds of danger constantly confront the Internet community. While phishing attacks have received the most attention lately, one should not forget the highly prevalent threat of zombies.

Zombies are computers that have been compromised in such a way that they can be used to perform Distributed Denial of Service (DDoS) attacks on another computer. The owners of these compromised computers are normally not aware that their computer is now a tool that may be used for illegitimate purposes.

These compromised computers are eventually used to simultaneously send large numbers of commands, each harmless in itself, against a computer or a network. The number of commands is so large that the computer or network breaks down and can no longer perform its normal tasks. The first such attack was documented in August 1999 against the University of Minnesota, and soon well-known tools like Tribe Flood Network (TFN) and Stacheldraht were in common use. Many new tools have since been made available.

During the first six months of 2005 the number of Distributed Denial of Service attacks increased by an almost unbelievable 680 %. The reasons for such attacks are often economic: either blackmail, where the attacker demands money from the selected company under threat of a DDoS attack that would cause it major financial loss, or a competitor that wants to hurt the company economically by taking down its website (this is of course particularly dangerous for companies that make money on their websites, such as eBay and similar organisations). Either way, it is estimated that 85 % of all computer crime today is done with financial motives.

This tremendous increase tells us that the number of zombies planted in computers must be extremely high. The main problem with these robots is that it is not obvious that you are actually infected. A sleeping robot - a zombie - can be installed in your computer system through an email, an open backdoor or a download of what you think is a useful program. Once installed, it might cause your computer to run slightly slower than it normally would, but in many cases it is hard to notice whether a computer is infected or not.

Adding this to the fact that it is almost impossible for a company to protect itself from a DDoS attack, “zombie-criminality” seems like an ideal and almost watertight concept for IT criminals. Because the requests that are sent to the target company are legitimate, there is no way to stop them or prevent them from reaching the company’s site. The only way to reduce the number of such attacks is to avoid becoming a zombie. Antivirus solutions and personal firewalls will help you stay protected and prevent hackers from installing robots in your computer.

Follow the links for more information about Norman Virus Control and Norman Personal Firewall.