Personal Computing: Zombies an Increasing Concern

Zombies are no cause for panic. There is cause for prudence.

by / May 8, 2009

Computer zombies are out to get you. That may sound like a tagline from a bad B movie, but there's truth behind it. A "zombie" in the computer lexicon is a computer that has been taken over by a piece of malicious software planted by a hacker typically for the purpose of secretly sending out unauthorized mass e-mail, or spam. That computer could be yours, and you could be totally in the dark about it.

According to a just-released study by computer security software company McAfee, cyber-criminals are having increasing success in commandeering the computers of others through the Internet in this way. McAfee has a vested interest in sounding the alarm. By doing so, it stands to sell more software. But it's a company that has been around since 1987 and has a good reputation.

In the U.S., fully 18 percent of personal computers have become zombies, which is nearly a 50 percent increase from the previous quarter, according to McAfee Threats Reports: First Quarter 2009.

If your computer is turned into a zombie, it becomes part of a "botnet," or robot network. This also sounds like science fiction, but it's frighteningly real. Botnets can consist of thousands of commandeered computers all working behind the scenes to carry out the objectives of the person or persons behind them.

One botnet facilitator, a Web hosting company in San Jose, Calif., was taken down in November 2008, but only after reportedly being responsible for billions of spam e-mails a day.

Botnets aren't all set up for nefarious purposes, but those consisting of zombies are. Along with spam, zombie computers may be used for other purposes as well.

Zombies can launch "distributed denial-of-service" attacks, where a large number of computers are directed to access a single Web site simultaneously, overloading it and preventing legitimate users from accessing it, or "distributed degradation-of-service" attacks, which are a less intense but more frequent flooding of a Web site designed to slow it down and compromise its usability.

Another purpose carried out by zombies is connecting en masse to Web sites that carry pay-per-click advertising. Here the false connections don't bring or slow the site down but instead artificially boost "click-throughs" on its ads, thereby committing "click fraud."

Spam remains, however, the most common reason that zombie networks are set up. Among the most common items advertised by spam, according to the McAfee report, are counterfeit prescription drugs, bogus male enhancement products and counterfeit watches. The connection is clear.

Another big part of the spam problem are "phishing" attempts that try to trick you into revealing credit card, banking, Social Security or other personal information so the criminal or criminals behind them can steal your identity.

Welcome to the computer age.

Though criminal activity involving computers may be increasing, it has been around from before the time that the personal computer revolution began in the late 1970s and early 1980s. There's no cause for panic. There is cause for prudence.

To protect yourself, most importantly, use a firewall program designed to block incoming and outgoing traffic. The firewall software that comes with Microsoft Windows and the Mac OS provide basic protection, but as with most such bundled utilities, you can do better with a third-party program.

McAfee and Symantec provide robust firewalls, sold separately or packaged in their security suites. ZoneAlarm, available in free and pay versions, is another well regarded firewall. Whatever you use, make sure you keep it up to date.

One new program designed specifically for detecting zombie attacks that's getting good press is RUBotted. It's a free offering from Trend Micro that's still in beta or test mode, but it appears to be stable.

You should also use anti-virus and anti-spyware software, and you should also keep these programs up to date. Keep your computer's operating system, Web browser, and other software up to date as well with security and other patches.

Be careful with file attachments that come with e-mail messages, particularly from unknown sources. Even if you know the source, if you're not expecting the attachment it's safest to send a quick e-mail asking if that person was the one who actually sent it.

Finally, be careful with downloaded games and other software. Use only reputable Web sites.

If your computer does become a zombie, you won't necessarily lose data. But the computer will slow down, as will your access to the Internet, not to mention the bad things you'll be helping the bad guys get away with.

Reid Goldsborough Contributing Writer
Reid Goldsborough is a syndicated columnist and author of Straight Talk About the Information Superhighway. He can be reached at or