It Must Be Zombie Season

Microsoft is kicking off an Internet security education campaign today aimed at spotlighting the role of the oft-overlooked workhorse of Internet crime -- the Zombie.

Not to be confused with the moaning, drooling, and flesh-eating monsters traditionally associated with Halloween and low-budget undead flicks, computer zombies are home PCs that have been compromised by a computer virus or Trojan horse and forced to participate in any number of ghastly deeds online, from sending out spam to hosting phishing Web sites to launching denial-of-service (DoS) attacks.

Microsoft attorney Tim Cranton said the company obtained a copy of a computer virus that attackers had used to turn at least one computer into a spam-relaying zombie. Microsoft then used it to intentionally infect a single test computer with the bug and monitor it for nearly three weeks in hopes of finding out who was pulling the strings.

Microsoft later determined that the infected PC was among several thousand under the control of a hacker or group of hackers.  The person was then renting out the infected machines to spammers.  In the span of three weeks, that single computer that Microsoft intentionally infected received roughly five million requests from spammers to send some 18 million spam messages advertising at least 13,000 different spam sites.

Microsoft has since filed a series of John Doe lawsuits to learn the identities of those behind a suspected 13 distinct spam businesses operated through that network.

Kudos to Microsoft, the Federal Trade Commission and Consumer Action (and all of the groups that are involved in the new awareness campaign) for taking this important first step. This type of consumer education can't happen enough. The truth is that virus-infected computers number in the millions at any given time on the Internet. Collectively, these robot networks, or "botnets," are the engine powering nearly all major forms of online fraud today, from spam to phishing to online advertising click-fraud to denial-of-service attacks.

Law enforcement and Microsoft may never be ahead of the online crime curve, as hijacked PCs will almost certainly remain a major problem. But by taking advantage of some of the excellent free tools already available to the general public, computer users, government and industry can make significant progress toward quashing the zombie population online today.

Here's how you can help fight the war on zombies. If your Windows machine is performing like a zombie, consider the following:

Is your computer up to date on computer security patches? Not sure? Visit http://update.microsoft.com to find out.

Are you running some sort of firewall software? If not, consider downloading and using one of my favorite free firewalls, Sygate Personal Firewall. Sygate was very astutely snatched up recently by Symantec Corp., but hopefully it will remain free. Other free firewalls are available from Zone Labs, Agnitum, and Kerio.

Is your PC up to date on anti-virus software? New computers often come with free 90-day subscriptions to anti-virus software. If you don't use anti-virus software, or if your trial subscription has expired, it's time to fix that. Some free anti-virus alternatives include AVG Antivirus from Grisoft, and a year's worth of free anti-virus updates from eTrust Antivirus, a joint offering from Microsoft and Computer Associates.

Lastly, be extremely cautious about opening e-mail attachments and about clicking on links that arrive via e-mail or instant message.

By Brian Krebs  |  October 27, 2005; 10:01 AM ET
Categories:  From the Bunker  

Comments


Thank you. This is good information.

Posted by: Anonymous | October 27, 2005 11:14 AM

Do you think Mr. Gates would be offended if
I explicitly pointed out that Linux did NOT
appear in the article about zombied PCs?

Jeff B at Home

Posted by: Jeff B at Home | October 27, 2005 11:15 AM

Save yourself all this trouble and just buy a Mac!

Posted by: Paul | October 27, 2005 11:40 AM

Just take the old computer in the attic, place two network cards (one for LAN, other for Internet) in it and install IPCOP or SMOOTHWALL in it: that will make it the best router/firewall ever.

Then, connect your computer(s) to the router, via LAN.

Lastly, install a good free antivirus, like ANTIVIR or AVG. Ditch that Norton!!!

Cost: $0. Security: priceless.

Posted by: Anonymous | October 27, 2005 12:20 PM

Just take the old computer in the attic, place two network cards (one for LAN, other for Internet) in it and install IPCOP or SMOOTHWALL in it: that will make it the best router/firewall ever.

Then, connect your computer(s) to the router, via LAN.

Lastly, install a good free antivirus, like ANTIVIR or AVG. Ditch that Norton!!!

Cost: $0. Security: priceless.

Posted by: guest | October 27, 2005 12:21 PM

Paul: amen. This is a mildly amusing but distant problem to us Macophiles.

Posted by: lpdrjk | October 27, 2005 1:59 PM

Zombies, spyware, adware, viruses, oh my! There are NO viruses for the Mac. Zero. Nada. Zippo. Umm, maybe one day there will be one virus on the Mac, or even ten, but then the score would still be some 18,000 to 1 or 10 or something!

Why worry about having to be your own network administrator? Go buy a Mac. You won't go back.

Posted by: WhitIV | October 27, 2005 2:05 PM

In response to Jeff B at Home:

I found a botnet with nothing but various Unix, Linux and Mac systems in it. Not a single Windows machine in the lot as far as I can tell. All were compromised via phpadsnew vulnerability and a lot of these systems had DNS names of WWW, NS, MAIL, etc.

Posted by: David Taylor | October 27, 2005 2:16 PM

URL posted for Kerio (http://www.kerio.com/us/kpf_home.htm) is wrong. The correct URL is with "l" at the end (http://www.kerio.com/us/kpf_home.html)

Posted by: Hari | October 27, 2005 2:32 PM

While you commend Microsoft for their efforts to expose hackers, you fail to mention that Microsoft, through their "Windows Genuine Advantage" program, leaves thousands of Windows PCs open to published exploits by denying users of presumably pirated OS software security updates. Many people are simply unaware of where their operating system came from - a neighborhood kid set it up for them. Regardless of whether piracy is right or wrong, Microsoft's actions serve to increase the number of "zombies" out there far more than any efforts they make to catch hackers.

Posted by: James | October 27, 2005 8:08 PM

James,

Hrm. I'm pretty sure I've covered the Microsoft Genuine Advantage stuff before:

http://blogs.washingtonpost.com/securityfix/2005/08/as_promised_mic.htm

http://blogs.washingtonpost.com/securityfix/2005/09/microsoft_issue.html

for starters. Second, that program doesn't prohibit people from receiving patches per se. It bars them from getting them from the Windows/Microsoft update site if they fail the test. Users can still get them via automagic updates, albeit maybe not as fast as they might by going directly to the web site.

Posted by: Brian Krebs | October 27, 2005 11:43 PM

Thanks, Hari. I've updated the link to correct that.

Posted by: Bk | October 27, 2005 11:45 PM

Why is there no 'Print this Article' button for this column?

Posted by: Scott | October 28, 2005 2:40 AM

Very informative and interesting article.
I will send it to my brother who builds and takes care of computers.

Posted by: Dotty Brant | October 28, 2005 7:05 AM

Gibson Research's Shields Up! seems to do a good job of checking a PC's security against various avenues of attack from the outside. So why do ISPs not run similar tests against the IP addresses of their subscribers, and then alert those who have problems? Why not go a step further, and require those found to have insecure PCs (no firewall, etc.) to comply with safe practices, or be disconnected? The ISPs could provide assistance to those who are not competent to make the necessary changes, perhaps for a fee.

Posted by: Ted M. | October 28, 2005 10:53 AM

It's time to get really serious about how we treat those who cause so much destruction of the Internet, business and our personal computers. Hand slapping and toothless prosecution must turn to a very aggressive pursuit of those who would interrupt "the system" for personal gain, for fun, intentionally trying to bring about the most destruction they can or for simply "just because they can do it". Determine the cost of what these thugs have wrought, put a mandatory assessment on their personal assets and future wages and place a mandatory prison term that will get, and keep, their attention. Like it or not, the Internet has become an instrument that is on par with the Post Office and we/the Government would not tolerate this kind of manipulation of the Postal Service.

Posted by: Rick George | October 31, 2005 8:32 AM

Oh. And use Firefox, of course.

Posted by: guest | November 3, 2005 12:41 PM

The comments to this entry are closed.


© 2010 The Washington Post Company