Zombie computer
In computer science, a zombie is a computer connected to the Internet that has been compromised by a cracker, computer virus or trojan horse and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch denial-of-service attacks. Most owners of zombie computers are unaware that their system is being used in this way. Because the owner tends to be unaware, these computers are metaphorically compared to zombies.
History
Zombies have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly furthers the spread of Trojan horses, which are not self-replicating: they rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.
For similar reasons, zombies are also used to commit click fraud against sites displaying pay-per-click advertising. Others can host phishing or money mule recruiting websites.
Zombies can be used to conduct distributed denial-of-service attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of simultaneous requests made to a website's server is intended to crash it and prevent legitimate users from accessing the site. A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodic flooding of websites, done with the intent of slowing down rather than crashing a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.
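As an added illustration (not part of the original article), the Python sketch below shows why the pulsed load described above never trips a fixed-rate flood alarm, and how autocorrelation over per-minute request counts can expose its regular rhythm. The traffic series, the flood limit and the correlation cutoff are all constructed assumptions.

```python
import random

def autocorr(series, lag):
    """Normalised autocorrelation of a series at one lag (1.0 = perfect repeat)."""
    n = len(series)
    mean = sum(series) / n
    var = sum((x - mean) ** 2 for x in series)
    if var == 0:
        return 0.0
    cov = sum((series[i] - mean) * (series[i + lag] - mean) for i in range(n - lag))
    return cov / var

def threshold_alarm(series, limit):
    """Classic flood detector: fires only when a single bucket exceeds the limit."""
    return any(x > limit for x in series)

def detect_pulsing(series, min_lag=2, min_corr=0.5):
    """Return (period, correlation) of the strongest repeating pattern, or None."""
    max_lag = len(series) // 3
    best = max(((lag, autocorr(series, lag)) for lag in range(min_lag, max_lag + 1)),
               key=lambda pair: pair[1])
    return best if best[1] >= min_corr else None

def sample_traffic(minutes=120, pulse_every=0, pulse_extra=60, seed=7):
    """Constructed requests-per-minute series: ~100 req/min with small jitter,
    plus an optional 2-minute burst every `pulse_every` minutes."""
    rng = random.Random(seed)
    series = []
    for minute in range(minutes):
        load = 100 + rng.randint(-5, 5)
        if pulse_every and minute % pulse_every < 2:
            load += pulse_extra
        series.append(load)
    return series

FLOOD_LIMIT = 300  # assumed alert level: three times the normal load

if __name__ == "__main__":
    normal = sample_traffic()
    pulsed = sample_traffic(pulse_every=10)
    print("threshold alarm on pulsed traffic:", threshold_alarm(pulsed, FLOOD_LIMIT))
    print("periodicity in normal traffic:", detect_pulsing(normal))
    print("periodicity in pulsed traffic:", detect_pulsing(pulsed))
```

The same check applies to response-time series, where a slow-down campaign shows up even when request counts look ordinary.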
Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the SPEWS service in 2003, and the one against the Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial-of-service attack mounted by a Canadian teenager. An attack on grc.com is discussed at length, and the perpetrator, a 13-year-old probably from Kenosha, Wisconsin, was identified on the Gibson Research Web site. Steve Gibson disassembled a 'bot' which was a zombie used in the attack, and traced it to its distributor. In his account of his research, he describes the operation of a 'bot'-controlling IRC channel.
Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 in-the-wild release of the Sexy Space text message worm, the world's first botnet-capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, Charlie Miller revealed a proof-of-concept text message worm for the iPhone at Black Hat. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. At the present time, the security community is divided as to the real-world potential of mobile botnets. But in an August 2009 interview with The New York Times, cybersecurity consultant Michael Gregg summarized the issue this way: "We are about at the point with phones that we were with desktops in the '80s."
External links
- What is zombie and how to prevent from zombie
- Study by IronPort finds 80% of e-mail spam sent by Zombie PCs. June 28, 2006
- Botnet operation controlled 1.5 million PCs
- Is Your PC a Zombie? on About.com
- Intrusive analysis of a web-based proxy zombie network
- A detailed account of what a zombie machine looks like and what it takes to "fix" it
- Data and graphics related to zombie originated spam
- Correspondence between Steve Gibson and Wicked
- Zombie networks, comment spam, and referer [sic] spam
- The New York Times: Phone Hacking Threat is Low, But It Exists
- Hackers Target Cell Phones, WPLG-TV/ABC-10 Miami
- Researcher: BlackBerry Spyware Wasn’t Ready for Prime Time
- Forbes: How to Hijack Every iPhone in the World
- Hackers Plan to Clobber the Cloud, Spy on Blackberries
- SMobile Systems release solution for Etisalat BlackBerry spyware