How Do I Know If My PC Is A Zombie?

April 4, 2006

With the myriad of jargon that technology spawns, especially around security, businesses and consumers could be forgiven for hearing terms like phishing, pharming, worms, zombies and Trojans, knowing that whatever they represent isn’t good, but not really understanding what they mean.

It would take much more than the space available to detail all of them and their various effects, so this article concentrates on one of the most worrying, and most interesting, trends currently affecting PC users worldwide: the “what?”, “why?” and “how?” of zombies, Trojans, spam and botnets.

The easiest way to think about any kind of PC threat is to consider its effects: what it might mean to you as an individual or to your business. Suppose a business is subjected to a denial of service attack (a legitimate website is flooded with traffic until it collapses, followed by an anonymous demand for money to halt the deluge), or you receive spam regularly from many different sources, or important business or personal data is stolen from you (and you may not even know that this has happened). You then have a fair idea of how annoying, or how worrying, this subject matter can be.

The question of how all this happens is a little more in-depth, as a number of interlinked methods are used to achieve the ultimate object, which is money. In common with a lot of what might be termed “bad” in the webbed world, the motivation for writing viruses, sending out spam and so on is, more often than not, financial gain, and that has become especially true in the last couple of years.

Botnets and Zombies

“Zombie” computers are internet-connected computers on which a virus or Trojan has been installed that allows a hacker or other unauthorized person to remotely access the PC and issue commands to it over the internet. So your PC might be under someone else’s control without you being aware of it. A collection of PCs that are similarly affected and controlled by one entity or person is termed a botnet, short for robot network.

A botnet can consist of tens or even hundreds of thousands of zombie computers in some cases. As some of these botnets are very large, they provide whoever controls them with huge amounts of ‘free’ bandwidth which can be used for various illegal activities, such as sending large volumes of spam messages and performing distributed denial of service attacks on legitimate websites as described above. To give an example of the problem a denial of service attack could cause to a website: a botnet of 1000 zombie computers, each on a 512 kbit/s broadband connection, gives the hacker a theoretical aggregate of 512 Mbit/s with which to send spam or bombard networks. In practice the figure is lower, because consumer connections usually upload at a fraction of their advertised download speed, but even a few hundred Mbit/s is far more than most small websites are provisioned to absorb.

A single PC in a botnet can be used to send thousands of spam messages per day, and much of the spam currently seen originates from zombie computers. A botnet containing a large number of zombies can send millions of spam messages per day. The owners of these networks of zombie computers rent them out to spammers, or for denial of service attacks, for as little as $100 per hour. In the first US prosecution of a botnet owner, Jeanson James Ancheta admitted earning approximately $3,000 in more than 30 separate transactions by selling access to his botnets. The botnets were used to send spam and perform distributed denial of service (DDoS) attacks.

Has Anyone Got My Details?

The Trojan software installed on the zombie PC is also frequently used to record keystrokes entered by its legitimate user, in order to capture passwords, credit card and internet banking details, which are then forwarded to the botnet owner. In some cases the Trojan can also relay the user’s screen to the attacker, copy files to and from the PC, run HTTP or FTP servers on it, and even capture audio from the computer’s microphone. In today’s world, where transactions and banking are more and more commonly conducted online, the sort of data that could be obtained is demonstrably very sensitive, and its loss is best avoided.

For a computer to become a zombie it has to be infected with a virus or other Trojan software. This may happen when an already-infected PC trawls the e-mail addresses stored on it and mails copies of the malware to those contacts, but hackers also scan the internet for machines that are not protected by a firewall and then probe those machines for security holes that can be used to access the PC and install the remote access program.

Once the remote access program is installed the machine is infected, and it connects to a rendezvous point (for botnets of this era, typically an IRC channel) where the botnet’s owner can issue commands to some or all of the zombie computers. So your own PC will both wait for, and respond to, specific commands from the owner of the botnet. Something else that often happens when a Trojan infects your PC is that it modifies the hosts file, the file your PC consults before DNS when turning a website name into an address. For example, clicking on what you think is your usual online bank’s web address may silently take you to a fake website that looks like the regular one (this is the “pharming” mentioned earlier). You enter your secret login information, the fake site records it, and your bank account is emptied.
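The hosts-file tampering described above can be checked for directly. The script below is an added example, not code from the original article: it parses a hosts file in the format shared by Windows (%SystemRoot%\System32\drivers\etc\hosts) and Unix (/etc/hosts) and flags two things, a watched site pinned to an address that is not loopback (a pharming redirect), and a security vendor’s update host pinned to loopback (a trick used to stop anti-virus updates, which goes slightly beyond what the article describes). The domain names and the sample file contents are constructed for the example; on a real machine you would list the sites you actually log in to.

```python
"""Flag hosts-file entries typical of a Trojan that redirects or blocks sites.

Added example, not part of the original article. Assumes the standard hosts
file syntax: `IP  hostname [alias ...]`, with `#` starting a comment.
"""
import ipaddress
import sys

# Constructed placeholders: the sites whose redirection would matter to you.
WATCHED_SITES = {"www.examplebank.com", "onlinebanking.example.net"}
# Constructed placeholders: hosts that security software fetches updates from.
UPDATE_HOSTS = {"update.example-antivirus.com", "liveupdate.example-security.com"}

# Constructed sample: a stock Windows hosts file with three malware-added lines.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# --- lines below were added by the infection (constructed for this example) ---
203.0.113.45    www.examplebank.com
203.0.113.45    onlinebanking.example.net   ebanking
127.0.0.1       update.example-antivirus.com
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments and bad lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; skip rather than guess
        for name in parts[1:]:
            yield ip, name.lower()


def redirected_sites(text, watched=WATCHED_SITES):
    """Watched sites mapped to anything other than a loopback address."""
    return [(name, str(ip)) for ip, name in parse_hosts(text)
            if name in watched and not ip.is_loopback]


def blocked_update_hosts(text, update_hosts=UPDATE_HOSTS):
    """Update hosts mapped to loopback, i.e. silently blackholed."""
    return sorted({name for ip, name in parse_hosts(text)
                   if name in update_hosts and ip.is_loopback})


if __name__ == "__main__":
    # Usage: python check_hosts.py [path-to-hosts-file]; defaults to the sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() \
        if len(sys.argv) > 1 else SAMPLE_HOSTS
    for name, ip in redirected_sites(text):
        print(f"REDIRECT  {name} -> {ip}")
    for name in blocked_update_hosts(text):
        print(f"BLOCKED   {name} -> loopback")
```

A clean hosts file normally contains only loopback entries for `localhost`; any line that names a bank, a webmail provider or a security vendor deserves an explanation, and on an infected machine the file is sometimes marked read-only or hidden to discourage repair.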

Is My PC a Zombie?

If your PC has Trojan software installed you may notice that it runs a lot slower than usual, that the internet connection is slower than normal, or that the machine behaves erratically. If the machine is being used to send spam or perform denial of service attacks you may notice a lot of unusual internet activity. If you have an external modem or broadband router, you may notice that the data light stays on for long periods, even when you are not using the internet. If a desktop firewall is installed, you may receive notifications that unfamiliar programs are trying to access the internet. None of these signs is conclusive, though: a well-written bot keeps its activity modest precisely so that the machine stays usable and the owner does not look for it.
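The “unusual internet activity” above has a concrete shape that can be read off the connection table. The script below is an added example, not code from the original article: it parses the output of `netstat -ano` on Windows (columns Proto, Local Address, Foreign Address, State, PID) and applies two rules that fit the behaviour described in this article, one process holding outbound port-25 connections to many different hosts (a normal mail client talks to one server; a spam engine talks to every recipient’s mail server directly) and any outbound connection to the classic IRC ports that botnet controllers of this era used for command and control. The sample output, the addresses and the threshold are constructed for the example.

```python
"""Triage `netstat -ano` output for spam-zombie and IRC command-channel signs.

Added example, not part of the original article. Assumes the Windows
`netstat -ano` layout; UDP rows have no State column and are skipped.
"""
import sys
from collections import defaultdict

IRC_PORTS = {6666, 6667, 6668, 6669, 7000}   # classic IRC ports used for C&C
SMTP_FANOUT_THRESHOLD = 5                     # distinct port-25 peers per process

# Constructed sample: one browser connection, one spam engine (PID 2212)
# talking to five mail servers and an IRC server, plus normal listeners.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1032      192.168.1.1:80         ESTABLISHED     880
  TCP    192.168.1.10:1041      203.0.113.7:25         ESTABLISHED     2212
  TCP    192.168.1.10:1042      203.0.113.9:25         SYN_SENT        2212
  TCP    192.168.1.10:1043      198.51.100.20:25       ESTABLISHED     2212
  TCP    192.168.1.10:1044      198.51.100.33:25       ESTABLISHED     2212
  TCP    192.168.1.10:1045      198.51.100.41:25       SYN_SENT        2212
  TCP    192.168.1.10:1050      203.0.113.200:6667     ESTABLISHED     2212
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  UDP    0.0.0.0:500            *:*                                    1300
"""


def _split_endpoint(endpoint):
    """'203.0.113.7:25' -> ('203.0.113.7', 25); '*:*' -> ('*', None)."""
    host, _, port = endpoint.rpartition(":")
    try:
        return host, int(port)
    except ValueError:
        return host, None


def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are ignored."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = parts[0], parts[1], parts[2]
        state = parts[3] if proto == "TCP" and len(parts) >= 5 else ""
        rhost, rport = _split_endpoint(foreign)
        conns.append({"proto": proto, "local": local, "remote_host": rhost,
                      "remote_port": rport, "state": state, "pid": int(parts[-1])})
    return conns


def triage(conns):
    """Apply the two zombie heuristics to parsed connections."""
    smtp_peers = defaultdict(set)   # pid -> distinct mail-server hosts
    irc = []                        # (host, port, pid) for IRC-port connections
    for c in conns:
        # Only outbound sessions count; LISTENING rows are local services.
        if c["proto"] != "TCP" or c["state"] not in ("ESTABLISHED", "SYN_SENT"):
            continue
        if c["remote_port"] == 25:
            smtp_peers[c["pid"]].add(c["remote_host"])
        if c["remote_port"] in IRC_PORTS:
            irc.append((c["remote_host"], c["remote_port"], c["pid"]))
    smtp_fanout = {pid: len(hosts) for pid, hosts in smtp_peers.items()
                   if len(hosts) >= SMTP_FANOUT_THRESHOLD}
    return {"smtp_fanout": smtp_fanout, "irc": irc}


if __name__ == "__main__":
    # Usage: netstat -ano > conns.txt ; python triage_netstat.py conns.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NETSTAT
    result = triage(parse_netstat(SAMPLE_NETSTAT if text is None else text))
    for pid, n in result["smtp_fanout"].items():
        print(f"PID {pid}: port-25 connections to {n} different hosts (spam engine?)")
    for host, port, pid in result["irc"]:
        print(f"PID {pid}: connected to {host}:{port} (IRC command channel?)")
```

The PID column is the useful part: Task Manager (or `tasklist /fi "pid eq 2212"`) turns it into an executable path, and a process you do not recognise holding dozens of port-25 sessions is about as clear a sign of a spam zombie as you will get from the machine itself.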

You can protect your computer from becoming a zombie by running anti-virus and firewall software and keeping both up to date. As new viruses are discovered daily, out-of-date anti-virus software may well be ineffective and will not catch newer viruses or new variants of older ones. Just as important, install the security updates for your operating system, since the “security holes” that scanners probe for are exactly what those updates close. Any PC connected to the internet via broadband or another ‘always on’ connection is particularly at risk: because it is permanently online, there is a greater chance of it being found by a hacker, scanned for vulnerabilities, and then hacked.
