Don’t Let Your PC Turn Into a
by Reid Goldsborough
Even the name is scary: Z<span
The most familiar meaning of the word <span
style=’font-size:11.0pt’>zombie, made popular by Hollywood, is a
corpse that has come back to life. But another dictionary definition is “one
who looks or behaves like an automaton.” That’s the one that applies to
A zombie is a computer that has
been taken over by someone else over the Internet and that works like a robot
on behalf of the person who has taken it over. The phenomenon is as interesting
as it’s frightening.
Then there’s the related
The term refers to a network of zombie computers. The same term can also refer
to a network of computers doing automated tasks for beneficial purposes, such
as providing the support for Internet Relay Chat, which is a protocol for
chatting over the Internet. But the nefarious purposes are more interesting.
The most common nefarious purpose
is to send out spam on behalf of a scammer, who believes that using you and
others to do his dastardly deeds is a way to avoid getting caught.
The spam typically directs
recipients to a “phishing” Web site, which mimics a legitimate credit-card
site, bank site, Internet auction site, Internet payment site, or other
business site, with the intention of tricking you into providing your personal
information. Using such information—credit card or Social Security numbers, for
instance—the scammer makes purchases in your name, empties your bank account,
or otherwise steals your identity.
Another nefarious purpose that
botnets are put to is placing unwanted pop-up ads and other advertising on PCs
and charging clients each time an ad is clicked on. Yet another is to use other
people’s PCs to launch “denial of service” (DOS) attacks on big companies or
government agencies, shutting down their computer networks. Maybe the scariest
purpose of all is using your PC as a zombie to turn other PCs into zombies too,
with all of them then used to aid the scammer in criminal enterprises.
What’s Different Today
The types of attacks have changed
over the past two years, said Brian Trombley, McAfee’s product manager for
consumer security products, in a phone interview. Along with vendors including
Trend Micro (www.trendmicro.com),
and Microsoft (www.microsoft.com),
is one of the major and most reliable purveyors of Internet security products.
In the past, a typical hacker
trying to attack or take over your PC was a teenage prankster who tried to infect
other computers with viruses, trojans, worms, and other malicious software or
“malware” to gain a warped kind of prestige among fellow pranksters.
Today, said Trombley, the attacks
are more sophisticated and are designed for financial gain—and your financial
From the research McAfee has done,
Trombley believes that organized crime in this country and abroad is behind
most of the efforts. Some have speculated that among these crime organizations
are terrorist groups looking to take advantage of vulnerable Westerners to help
finance their terrorist activities. As yet there’s no proof of this, even if
logic supports these fears. But it’s scary indeed.
At the World Economic Forum in
January 2007, Vint Cerf, one of the fathers of the Internet, estimated that as
many as a quarter of all computers connected to the Internet may
surreptitiously be part of a botnet used by criminals. Highly publicized
botnets include 10,000 zombie PCs controlled by a server in Norway in 2004 and
1.5 million zombie PCs engineered by a Dutch man in 2005.
How to Protect Your
All is not doom and gloom. Unless
your computer is running slowly, or more Internet activity seems to be
happening in the background than there should be, you can assume that your PC
hasn’t become a zombie. If you receive “bounces” for emails you didn’t
knowingly send, this doesn’t necessarily mean your PC has become compromised;
it can mean that somebody else, who has your email address in their address
book, has had their computer compromised.
The best measures to prevent,
detect, or recover from zombie attacks include:
· Keep your operating system up to
date. If you’re running Windows, configure Windows Update to install security
· Keep your other programs up to
date as well, installing updates as they become available.
· Use an Internet security suite
such as McAfee Internet Security Suite, Symantec’s Norton Internet Security, or
Trend Micro Internet Security, and keep it up to date.
McAfee Internet Security Suite
comes bundled for free with some Internet service providers, such as Comcast
and MSN, and it includes the most important but not all of the protections in
the full version. If you have a subscription with such an ISP, and you want to
use the free security protection, you have to install them from the ISP’s Web
Reid Goldsborough is a
syndicated columnist and author of the book <span
style=’font-size:11.0pt’>Straight Talk About the Information Superhighway.
He can be reached at firstname.lastname@example.org or members.home.net/reidgold.