You know what zombies are, right? Those jerky-movement automatons of undead fame, the ones the movies go nuts over with the make-up and axes sticking out of their heads. Those zombies. Well, I’m not talking about the Army of the Undead. I’m talking about the slave computers that run at the behest of hackers and are used for denial-of-service attacks on websites, for extortion or other nefarious ends.
A zombie is:
A computer that has been implanted with a daemon that puts it under the control of a malicious hacker without the knowledge of the computer owner. Zombies are used by malicious hackers to launch DoS attacks. The hacker sends commands to the zombie through an open port. On command, the zombie computer sends an enormous amount of packets of useless information to a targeted Web site in order to clog the site’s routers and keep legitimate users from gaining access to the site. The traffic sent to the Web site is confusing and therefore the computer receiving the data spends time and resources trying to understand the influx of data that has been transmitted by the zombies. Compared to programs such as viruses or worms that can eradicate or steal information, zombies are relatively benign as they temporarily cripple Web sites by flooding them with information and do not compromise the site’s data. Such prominent sites as Yahoo!, Amazon and CNN.com were brought down in 2000 by zombie DoS attacks.
This article over at NYTimes is the root of my post. They mentioned something mind-boggling: 170,000 computers a DAY are being added to the ranks of zombies. What is more telling is something they write:
“What this points out is that even though critical infrastructure is fairly well secured, the real vulnerability of the Internet are those home users that are individually vulnerable and don’t have the knowledge to protect themselves,” Mr. Alperovitch said. “They pose a threat to all the rest of us.”
And that’s really the crux of it. Computers are so commonplace now that nearly everyone has one, and many families have more than one, but 95% of people simply don’t know how to use a computer properly. They have no comprehension of how to protect themselves from viruses or trojans, how to update their anti-virus program, or how to configure their firewall. This is what sustains and propagates the spread of hackers and their tools.
With the rapid spread and use of high-speed connections, people are more and more inclined to leave their computers running, giving hackers tools that run 24 hours a day. Even those people that DO update anti-virus programs do not do so every day; with 10 new viruses a day and legions of hackers out there, these computers are just ripe for the picking.
My recommendation for anti-virus software (the one I use on all my computers): Panda Anti-Virus. It is a hardcore anti-virus program, very aggressive, and catches several viruses in emails and downloaded programs I encounter. I do not work, or sign in anywhere, on any of my computers if I don’t have my Panda.
I use two programs for anti-spyware/anti-adware work. The first one is called SpyBot, which I find really useful as it can also immunize you against further infections of a known spyware. The second one is PestPatrol, which I use on my second computer and have been using for several years now. I cannot express how often you should run these; I use the scheduling facilities to run this once every other day (and sometimes during the day when I’m not doing anything). Do NOT let your computer become a zombie!