- Zombie computer
A zombie computer (often shortened as zombie) is a computer attached to the Internet that has been compromised by a hacker, a computer virus, or a trojan horse. Generally, a compromised machine is only one of many in a botnet, and will be used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.

Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. [Tom Spring, [http://www.pcworld.com/article/id,121381-page,1/article.html Spam Slayer: Slaying Spam-Spewing Zombie PCs], "PC World", 2005-06-20] This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth.

For similar reasons, zombies are also used to commit click fraud against sites displaying pay per click advertising. Others can host phishing or money mule recruiting websites.

Zombies have also conducted distributed denial of service attacks, such as the attack upon the SPEWS service in 2003, and the one against the Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by a Canadian teenager. An attack on grc.com is discussed at length, and the perpetrator, a 13-year-old probably from Kenosha, Wisconsin, is identified on the Gibson Research Web site. Steve Gibson disassembled a 'bot' which was a zombie used in the attack, and traced it to its distributor. In his account of his research, he describes the operation of a 'bot'-controlling IRC channel. [Steve Gibson, [http://www.grc.com/dos/grcdos.htm The Attacks on GRC.COM], "Gibson Research Corporation", first: 2001-05-04, last: 2005-09-17]

Network intrusion-prevention systems (NIPS) are purpose-built hardware/software platforms that are designed to analyze, detect, and report on security-related events. NIPS are designed to inspect traffic and, based on their configuration or security policy, can drop malicious traffic, while an ASIC-based intrusion-prevention system (IPS) could detect and block denial of service attacks; these have the processing power and the granularity to analyze the attacks and act like a circuit breaker in an automated way. [Denial-of-service_attack#IPS_based_prevention]
External links
* [http://ironport.com/company/ironport_pr_2006-06-28.html Study by IronPort finds 80% of e-mail spam sent by Zombie PCs. June 28, 2006]
* [http://www.vnunet.com/vnunet/news/2144375/botnet-operation-ruled-million Botnet operation controlled 1.5 million PCs]
* [http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm Is Your PC a Zombie? on About.com]
* [http://lowkeysoft.com/proxy/ Intrusive analysis of a web-based proxy zombie network]
* [http://tweezersedge.com/archives/2005/02/000534.html A detailed account of what a zombie machine looks like and what it takes to "fix" it]
* [http://www.tqmcube.com/zombies.php Data and graphics related to zombie originated spam]
* [http://radsoft.net/news/roundups/grc/wkd/ Correspondence between Steve Gibson and Wicked]
* [http://johnbokma.com/mexit/2006/01/16/zombie-comment-spam-referer-spam.html Zombie networks, comment spam, and referer (sic) spam] - describes comment spam and referer (sic) spam caused by zombie computers
Wikimedia Foundation. 2010.