A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Zombie Machine

A computer that an attacker has taken control of using malware

A zombie machine is a computer connected to the Internet that has been successfully attacked by a computer virus, worm, or Trojan horse. A hacker will compromise thousands of such machines to create a “Zombie Army” or a “BotNet.” With this network he can then launch spam attacks, attack Web sites, conduct phishing attacks, spread computer viruses, launch DoS attacks, download pornography, or steal personal information. By using zombie machines, spammers can hide the source of spam and hackers can hide the source of malicious content. Using zombie machines also provides hackers with extra bandwidth at the expense of the owner of the machine.

Most owners of zombie machines are unaware that their machine is being used to launch such attacks. It is difficult to check whether your PC is a zombie, but some symptoms are a suddenly slow broadband connection, an unresponsive mouse or keyboard, excessive hard drive activity, or bounce notifications from people you’ve never tried to contact.

Protective Measures

Practices

  • Delete suspicious emails with attachments: Attachments are the main way malware gets onto your computer. Attachments include office document files (e.g., with .doc or .xls suffixes), program files (e.g., with .exe or .bat suffixes), and compressed files (e.g., with .zip suffixes), all of which can contain malware. The CERT Coordination Center advises users to apply the so-called "KRESV" test to detect suspicious emails. KRESV stands for:

    • Know: Do you know the sender?
    • Received: Have you received email from the sender before?
    • Expect: Are you expecting the e-mail?
    • Sense: Do the subject header and attachment name make sense?
    • Virus: Does it contain a virus? You will need antivirus software to check this.

    If an email with attachments fails any of these tests, delete it. If you know the sender, contact him or her to make sure that the message is legitimate.

  • Install security patches: New security problems are constantly being found in software that has already been released. Software vendors therefore make updates or security "patches" available from time to time that fix these problems. A patch is a downloadable piece of software that repairs a security problem or other "hole" in the software. Since most intruders exploit these known weaknesses, failing to download a patch creates an unnecessary risk. The unpatched hole could serve as an entry point for hackers who want to examine, damage, or exploit the information and services on your computer.

  • Perform frequent backups: Save your important data on a regular basis so that you can recover from a malware attack or intrusion. Thumb drives, CDs, and DVDs are good storage and transport media for large amounts of data. If possible, store your backup media in a different location from the computer itself so that both are not destroyed in a fire or other disaster.

Tools

  • Anti-virus software: The popularity of the Microsoft Windows operating system makes it a prime target for hackers and other virus writers, so anti-virus software is crucial for users of this system. Anti-virus software works by identifying files that match definitions of known viruses and keeping them from infecting the system. Make sure that your virus definitions are kept up to date by automatically or manually downloading them from your software manufacturer's Web site. Do not install more than one anti-virus program because incompatibility issues between the programs may end up leaving your system unprotected.

    Two popular anti-virus packages are Symantec's Norton AntiVirus and McAfee AntiVirus. AVG, AntiVir and ClamWin are free alternatives. The major anti-virus programs, such as Symantec and McAfee, can protect against worms and Trojan horses as well as viruses.

    PDA and mobile phone anti-virus applications normally interact with the full version on a PC and hold fewer virus definitions. New virus updates are automatically transferred from your desktop computer each time you synchronize your PDA. Therefore it is important to keep your desktop computer's anti-virus software updated and synchronize your PDA regularly. Some commonly used anti-virus packages are Trend Micro's PC-cillin for Wireless and Symantec AntiVirus for Windows Mobile.

  • Firewall: A firewall is like a security guard for your computer that monitors the traffic into and out of your computer. A firewall is your first line of defense against intrusions, especially Trojan horses. One popular firewall is Symantec's Norton Personal Firewall. Windows operating systems such as Windows XP and Windows Vista include a firewall that is turned on automatically. This built-in firewall is described in more detail on the Microsoft site.
