Chances are, there's a zombie in your living room, in your den, your office or in your basement.
A zombie is the term applied to a computer that has been remotely taken over by someone who is not its physical owner. The compromised computer is nearly always a home or office computer running one of the Windows operating systems. A zombie's intended use is usually to send spam, to turn other computers into zombies and to participate in distributed denial-of-service attacks. In nearly every instance, the original owner is blissfully unaware of what's going on.
Sound familiar? The term isn't coming out of thin air, although the cultural reference requires a better than average knowledge of US pop culture. Zombie doesn't trigger quite the same thoughts with a Pole as it does with a bearded systems administrator from Texas. In any case, the term carries the same meaning to computer security people all over the world: a remotely controlled computer used for illicit purposes.
How it's done
In order to become a zombie, a computer must run some kind of program that lets someone else control it remotely. This type of program has a lot of names depending on who is talking about it and what agenda they have: trojan horses, viruses and worms. The garden variety zombie comes into being when malicious software executes on the computer, usually because the original owner visits a website with malicious content, opens an email attachment or simply connects an unpatched machine to the internet.
The malicious software exploits loopholes or security flaws in the operating system in order to get itself running, and it typically needs no further help from the owner.
Why it is possible
In simplified terms:
When Microsoft built their operating systems out of pop rivets, chewing gum, paper clips and leftover sidings, they designed some parts well, some parts not so well and some other special parts incredibly badly. To fix the bad and the not-so-good parts whenever they are notified about them or find them themselves, Microsoft issues corrections for the Windows operating systems. These are known as patches (another cultural reference right there). When Microsoft publishes a patch, they always tell you what problem it's supposed to fix and how important it is that you (yes, you!) apply it. Cue the bad guys. They now know about a flaw/weakness/loophole in Windows, and they know that a large share of machines will not be patched for weeks or months. Now it's just a question of time before a program that exploits it appears on the internet.
Yes, I know. Security flaws exist in other operating systems than Windows. I'll bother thinking about it when Windows drops below 96% market share.
What it does
When the malicious software runs, it installs a copy of itself and executes it. It then phones home to the internet hideout where the zombie master resides, announcing itself to the internet supervillain and waiting for orders. The computer in your living room is now a zombie and part of a botnet, raring to get up and go. After a few minutes, it normally starts relaying spam to tens of thousands of recipients. It is estimated that about half of the net's spam volume comes from zombies. Spam, in turn, accounts for 50-70% of the entire world's email volume.1
A couple of days later it has usually been found out by the people who find out about these things, and whoever controls the zombie will then typically discard it.
If the bad guy has no immediate use for the zombie, he can sell it to someone else as part of a botnet. Botnets are regularly bought and sold for thousands of dollars on the internet. If you want 5,000 zombies, be prepared to pay up to a dollar apiece (excl. VAT or sales tax).
Why it's done
The internet is a good idea, isn't it? Get free information, send mail to your grandmother on the other side of the world, read your local newspaper wherever you are or make shit up for foreign websites. It's almost too good to be true. Then somehow money becomes involved and the equation defining global cooperation and happiness becomes perverted. People found a way to make money by selling cow dung. They found a way of making money by telling other people how to make money by telling other people how to make money.
So it's about money, of course. When there are people involved in anything, it either turns out to be about sex or the almighty dollar. In the case of the internet, you could argue it's about both. Simultaneously.
Say you bought the 5,000 strong army of zombies (or botnet) mentioned above. Here's what you can do with it in order to earn some cash:
- Offer to send a million spam emails for some dubious drug. Demand 5% of their sales profit. And yes, there are plenty of people who buy stuff advertised to them in spam. If I promised you a 36-hour tent in your pants, you'd buy the box of pills too if you were desperate enough. When it comes to sex and money, someone is always desperate enough. Don't think about what's actually in the pills. Money is money. Suckers are suckers and P.T. Barnum was right.
- Send an email to a couple of small companies and state that unless they pay you $10,000, you'll drown them in useless traffic and render their mail and web stuff unusable. Pick a company you know has underpaid and/or clueless system administrators. The supply of customers in your newfound market niche should be limitless.
- Post a message on one of the web forums where the miscreants hang out and offer your army of zombies up for sale. In a free market economy, there's nothing quite like cashing in on other people's stupidity, greed or ignorance. The mainstream corporations are doing it every second every day, so why shouldn't you?
For the bad guys, a zombie has several advantages:
- It's very hard to trace the flow of internet sewage coming from the zombie back to whoever is directing it
- A zombie is disposable. When the original owner shuts the computer down or cleans it up, the operational impact is negligible.
- Someone else pays for the bandwidth.
- Complaints about abusive internet behaviour go to the original owner, not the bad guy
- The means of production are paid for by everyone else
Remedies
The best remedy is keeping your Windows computer up to date by visiting Windows Update (http://www.windowsupdate.com or http://windowsupdate.microsoft.com), using some kind of firewall on your computer or network and practicing safe computing. This goes a long way toward preventing your computer from becoming infected in the first place; it does nothing for a machine that is already a zombie, which needs cleaning up or reinstalling.
Some Internet Service Providers have begun blocking outbound mail traffic (SMTP, port 25) wholesale from their customers in order to stem the tide of spam. If you want to send mail, you'll have to use the ISP's own mail relay, which the ISP can monitor and throttle. In addition, a lot of legitimate mail servers are refusing mail from the address ranges known to contain only home computers, since nothing legitimate should be delivering mail directly from there.
This does nothing about denial-of-service attacks though. That's a much more complicated dragon to slay when it rears its head.
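The two behaviours described above, the zombie phoning home and then relaying spam straight to thousands of mail servers, both show up in the outbound connection records of a home or small-office firewall, and the ISP relay remedy is easy to check for at the same time. The following is an added example, not code from the original article: it runs two simple detectors over a constructed connection log (timestamp, source, destination, destination port, the sort of thing a border firewall or NetFlow exporter records). The relay address 203.0.113.25, the internal addresses and the controller on port 6667 are all made up for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed for this example (not from the article): the ISP's own mail relay,
# the one host a home machine may legitimately talk to on port 25.
ISP_RELAY = "203.0.113.25"


def make_sample_log():
    """Constructed outbound connection records: (timestamp, src, dst, dport)."""
    t0 = datetime(2004, 3, 1, 10, 0, 0)
    log = []
    # 192.168.1.10: a clean machine. Sends one mail via the ISP relay and browses.
    log.append((t0, "192.168.1.10", ISP_RELAY, 25))
    for i, web in enumerate(["198.51.100.80", "198.51.100.81"]):
        log.append((t0 + timedelta(minutes=i), "192.168.1.10", web, 80))
    # 192.168.1.20: the zombie. Phones home every 30 s to the same host and port...
    for i in range(10):
        log.append((t0 + timedelta(seconds=30 * i), "192.168.1.20", "198.51.100.7", 6667))
    # ...and a few minutes later relays spam directly to 40 different mail servers.
    for i in range(40):
        log.append((t0 + timedelta(minutes=5, seconds=3 * i),
                    "192.168.1.20", f"192.0.2.{i + 1}", 25))
    return sorted(log)


def find_spam_relays(log, window=timedelta(minutes=10), threshold=20, relay=ISP_RELAY):
    """Return {src: distinct mail servers} for hosts that open SMTP connections to
    more than `threshold` distinct servers within `window`, ignoring the ISP relay.
    A home PC has no business delivering mail to dozens of servers directly."""
    smtp = defaultdict(list)
    for ts, src, dst, dport in log:
        if dport == 25 and dst != relay:
            smtp[src].append((ts, dst))
    hits = {}
    for src, conns in smtp.items():
        conns.sort()
        for i, (start, _) in enumerate(conns):
            # Distinct destinations in the window starting at this connection.
            seen = {dst for ts, dst in conns[i:] if ts - start <= window}
            if len(seen) > threshold:
                hits[src] = len(seen)
                break
    return hits


def find_beacons(log, min_hits=5, jitter=timedelta(seconds=5)):
    """Return {(src, dst, dport): interval in seconds} for flows repeated at a
    near-constant interval: the signature of a bot checking in with its master.
    Normal browsing and mail traffic is bursty and goes to varying hosts."""
    by_flow = defaultdict(list)
    for ts, src, dst, dport in log:
        by_flow[(src, dst, dport)].append(ts)
    beacons = {}
    for flow, times in by_flow.items():
        if len(times) < min_hits:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if max(gaps) - min(gaps) <= jitter:
            beacons[flow] = sorted(gaps)[len(gaps) // 2].total_seconds()
    return beacons


if __name__ == "__main__":
    records = make_sample_log()
    for src, n in find_spam_relays(records).items():
        print(f"{src}: SMTP to {n} distinct servers, bypassing the ISP relay")
    for (src, dst, port), secs in find_beacons(records).items():
        print(f"{src}: beacons to {dst}:{port} every {secs:.0f}s")
```

Both detectors are deliberately crude: a legitimate mail server or a chatty IM client will trip them, so in practice the thresholds are tuned to the network, and the beacon check only catches bots with a fixed check-in interval. The point is that even without looking inside the traffic, a zombie's behaviour at the network edge looks nothing like a person reading email and browsing the web.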
You can also stop using Windows, or replace the parts of it which are the most common vessels for compromise: the mail client and the browser. For a lot of people this is neither possible nor practical.
For a handy-dandy starting point for securing yourself on the internet, read SecurityFocus' Cybersecurity and You: Five Tips Every Consumer Should Know on <http://www.securityfocus.com/news/4983>.
1Email accounts for roughly 5% of the total internet traffic according to some sources. It's hard to measure though, so take all percentages in this writeup with a grain of salt.