Personal Computing: Don't Let Your PC Turn Into a Zombie

Even the name is scary. Zombie.

by / March 26, 2007 0
Even the name is scary. Zombie. The most familiar meaning of the word "zombie," made popular by Hollywood, is corpse that has come back to life.
But another dictionary definition is "one who looks or behaves like an automaton." That's the one that applies to computers.

A zombie is a computer that has been taken over by someone else over the Internet and that works like a robot in behalf of the person who has taken it over. The phenomenon is as interesting as it's frightening.

Another term used in connection with zombies is "botnet," which refers to a network of zombie computers that have been taken over, though "botnet," or network of robots, can also refer to a network of computers doing automated tasks for beneficial purposes.

One such beneficial purpose is providing the support for Internet Relay Chat, which is a protocol for chatting over the Internet. But it's the nefarious purposes that are the more interesting.

The most common nefarious purpose is the taking over your and other PCs to send out spam in behalf of a scammer, who prefers to use you to do his dastardly deeds to prevent himself from getting caught.

The spam typically directs recipients to a "phishing" Web site, which mimics a legitimate credit card site, bank site, Internet auction site, Internet payment site, or other business site, with the intention of tricking you into providing your personal information. Using personal information such as your credit card information or Social Security number, the scammer makes purchases in your name, empties your bank account, or otherwise steals your identity.

Another nefarious purpose that botnets are put to is serving unwanted pop-up ads and other advertising on PCs and charging clients each time an ad is clicked on. Yet another is to use others' PCs to launch "denial of service" attacks on big companies or government agencies, shutting down their computer networks. Maybe the scariest purpose of all is using your PC as a zombie to turn other PCs into zombies too, with all of them then used to aid the scammer in his criminal enterprise.

The types of attacks have changed over the past two years, said Brian Trombley, McAfee's product manager for consumer security products, in a phone interview. McAfee (www.mcafee.com) is one of the major and most reliable vendors of Internet security products, with other major vendors including Symantec (www.symantec.com), Trend Micro (www.trendmicro.com), and Microsoft (www.microsoft.com).

In the past, a typical hacker trying to attack or take over your PC was a teenage prankster, who tried to infect other computers with viruses, trojans, worms, and other malicious software or "malware" in order to gain a warped kind of prestige among fellow pranksters. Today, said Trombley, the attacks are more sophisticated and are designed for financial gain ... and your financial loss.

From the research McAfee has done, Trombley believes that organized crime organizations in this country and abroad are behind most of the efforts.

Some people have speculated that among these crime organizations are terrorists groups looking to take advantage of vulnerable Westerners to help finance their terrorist activities. Even though as yet there's no proof of this, logic supports these fears. Scary indeed.

At the World Economic Forum in January 2007, Vint Cerf, one of the fathers of the Internet, estimated that as many as a quarter of all computers connected to the Internet may surreptitiously be part of a botnet used by criminals. Highly publicized botnets include 10,000 zombie PCs controlled by a server in Norway in 2004 and 1.5 million zombie PCs engineered by a Dutch man in 2005.

All is not doom and gloom. For individual PC users, there are preventive measure to help ensure your PC doesn't become a zombie:

1. Keep your operating system up to date. If you're running Windows, configure Windows Update to install security patches automatically.

2. Keep your other programs up to date as well, installing updates as they become available.

3. Use an Internet security suite such as McAfee Internet Security Suite, Symantec's Norton Internet Security, or Trend Micro Internet Security, and keep it up to date as well.

McAfee Internet Security Suite comes bundled for free with some Internet service providers (ISPs), such as Comcast and MSN, and it includes the most important but not all of the protections in the full version. If you have a subscription with such an ISP, and you want to use the free security protection, you have to install them from the ISP's Web site.

Reid Goldsborough Contributing Writer
Reid Goldsborough is a syndicated columnist and author of Straight Talk About the Information Superhighway. He can be reached at reidgold@comcast.net or www.reidgoldsborough.com.