I’ll have to give credit to the spammers and other varieties of internet-dwelling lowlife for one thing: They are a damn creative bunch! They have come up with some absolutely ingenious schemes to keep the money coming in.
It used to be that a virus or worm or other nasty bit of software was released primarily for “recreational” purposes. The writer was trying to prove how good a hacker he was or was competing with other hackers to come up with the nastiest creation. I suppose others were just mentally deranged or something.
In recent years, I have been hearing a lot about a change in the motivation behind the creation of what has become known collectively as malware.
Today, the motivation, as you might suspect, is money, and many accomplished hackers are now plying their trade for a paycheck instead of the fame and admiration of fellow hackers.
Although the primary focus of this post is zombie networks, it is worth mentioning that things like computer viruses, phishing sites and adware are still big problems that do not appear to be going away any time soon.
A zombie network is a group of computers that are controlled by someone else who has somehow managed to get a program or group of programs installed on computers that do not belong to them.
The person who controls the zombie network has total control over all the zombie computers in that network and can make them do anything his heart desires. Unlike a virus, the zombie programs that are installed are designed to work quietly in the background and never do anything to reveal their presence.
It’s not about causing difficulty for the owner of the computer that has been infected, although that is very likely to happen if the victim’s ISP (Internet Service Provider) figures out that the computer has been recruited as part of a zombie network. It’s about the money.
Laws against spam that have been passed in the last few years have driven the spammers further underground than ever. Many of them send their spam e-mail messages from computers located overseas to avoid trouble with authorities here in the U.S.
Others hire hackers who have their own zombie networks that can be used to send spam. Some zombie networks can consist of hundreds or even thousands of computers, all standing ready to follow whatever instructions the zombie master sends out.
Here’s a fictional story to demonstrate how some innocent internet user may end up with a computer that is part of a zombie network.
Joe Surfer stumbles upon a web site while doing some searching for information on the internet and notices an advertisement for a free screen saver or some other free software that sounds useful.
Joe clicks on the ad and is taken to another web site that is probably going to do one of two things. It may offer the software as a free download so Joe can grab a copy and install it on his PC.
It also might use some known security flaw in Joe’s web browser to go ahead and install the zombie program right then and there and leave poor Joe with no idea he has been infected just by visiting the site.
Whether he is infected when he visits the site or when he installs the software he has downloaded, his PC is now part of a zombie network.
Although Joe has no idea anything is going on, the zombie program connects to an IRC or “Internet Relay Chat” channel and sends a message to the zombie master who is monitoring the chat channel to let him know he has a new recruit in his network.
The zombie master can then communicate with the new zombie PC by sending instructions back to it via the chat channel. The zombie program is configured to start up and inform the zombie master of its availability each and every time the victim turns his PC on.
As mentioned previously, the zombie master can instruct all of the PCs in his network to do anything he wants them to do. Most often they are used to send spam or to launch “denial of service” attacks on other computers that the zombie master or his employers want to take off the internet for some reason. The Blue Frog story is an excellent example of how this can come about.
Unless you have some type of security software installed on your computer, you may never find out that it is part of a zombie network, although you may find out the hard way when your ISP discovers the infection and shuts off your internet access.
This actually happened to me once. My wife and kids had discovered the “surf the internet and get paid” stories that were going around a few years back and signed up with some of these sites so they could get paid just for checking out certain sites.
(If you’re thinking about getting involved in anything like this, don’t bother! I have never heard of a single “surf to get paid” deal that was not a scam.)
Anyway, a week or two later our internet service just died one day and did not seem to be coming back. I called our ISP and was informed that a flood of spam was being sent out from one of the computers in my house. I was told to let them know when the malware was removed and they would restore our internet access.
You can imagine how ticked off I was and how fast that particular malware was identified and removed from my wife’s PC! So much for “surfing to get paid.”
Figuring that all of my wife’s surfing would be to well-known, safe sites, I let my guard down and did not have the full complement of security software installed on her PC. It was a lesson I learned the hard way, although I cannot be sure the malware would have been identified by the anti-virus software I was using at the time. It is likely, however, that a properly configured firewall would have drawn attention to it.
To this day I am not certain if my wife’s PC had been part of a zombie network or not since the information I was able to dig up about the malware that had been installed was not terribly extensive.
I was glad that I was able to download a free anti-virus program to eliminate it, but I wish I had been able to find out more about exactly what it was.
Unfortunately, the bad guys are developing more sophisticated malware programs that are harder to detect and even using rootkits to further mask the presence of their nasty little programs and keep victims in the dark.
There are things you can do to minimize the likelihood of your PC being infected with malware. There are numerous free anti-virus programs you can download and install. I also highly recommend a firewall program.
A firewall program installed on your PC can alert you to any other programs that are attempting to access the internet in the background. There are free firewall programs you can download. Just do a search for “free antivirus” or “free firewall” on Google and you should find what you need.
Using a firewall program can be a bit intimidating if you are not technically savvy, but it really is worth it to take some time to learn as much as you can and make use of a firewall program.
No solution is 100% effective against malware, but using anti-virus and firewall programs will give you a much better chance of detecting malware that has been installed on your computer without your knowledge.
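The two behaviours described in this post, an unexpected program connecting to an IRC channel and a single PC contacting many mail servers, are exactly what a log of outbound connections can reveal. The sketch below is an added example, not part of the original post; the log format, process names, port list and threshold are assumptions made for illustration.

```python
from collections import defaultdict

IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}  # common IRC ports
SMTP_PORT = 25
# Assumption: programs the owner knowingly uses for chat or mail.
KNOWN_CLIENTS = {"thunderbird.exe", "mirc.exe"}
SMTP_FANOUT_LIMIT = 3  # distinct mail servers tolerated per program

# Constructed sample: "time process remote_ip:port", one outbound
# TCP connection per line (hypothetical process names, test-net IPs).
SAMPLE_LOG = """\
09:00:01 firefox.exe 203.0.113.10:443
09:00:05 scrnsave32.exe 198.51.100.7:6667
09:00:09 thunderbird.exe 203.0.113.25:25
09:01:00 scrnsave32.exe 192.0.2.11:25
09:01:01 scrnsave32.exe 192.0.2.12:25
09:01:02 scrnsave32.exe 192.0.2.13:25
09:01:03 scrnsave32.exe 192.0.2.14:25
09:02:00 mirc.exe 198.51.100.50:6667
"""

def parse(log):
    """Yield (process, remote_ip, port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        host, _, port = parts[2].rpartition(":")
        if host and port.isdigit():
            yield parts[1].lower(), host, int(port)

def find_suspects(log):
    """Return {process: sorted reasons} for zombie-like traffic."""
    smtp_peers = defaultdict(set)
    reasons = defaultdict(set)
    for proc, host, port in parse(log):
        # A program the owner never uses for chat talking to an IRC port.
        if port in IRC_PORTS and proc not in KNOWN_CLIENTS:
            reasons[proc].add("irc-connection-from-unexpected-program")
        if port == SMTP_PORT:
            smtp_peers[proc].add(host)
    # A normal mail client talks to one or two servers, not dozens.
    for proc, peers in smtp_peers.items():
        if len(peers) > SMTP_FANOUT_LIMIT:
            reasons[proc].add("smtp-fanout")
    return {proc: sorted(r) for proc, r in reasons.items()}

if __name__ == "__main__":
    for proc, why in find_suspects(SAMPLE_LOG).items():
        print(proc, why)
```
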
It also appears that there is a new generation of anti-malware software coming on the scene. I heard about a program called CyberHawk and since it was free, I decided to download it and give it a try.
Although the program looked interesting and appears to have some promise, I don’t think it is quite ready for prime time. After noticing a number of occasions when my PC would slow to a crawl and nearly hang for no apparent reason, I traced the problem to CyberHawk and when I removed the program, the problems went away.
I am going to give it another try once they refine it a little more and you may want to check it out in a little while as well. It looks like it has the makings of a good program but has not had the bugs worked out of it yet.
Make no mistake. There are people out there who want to take control of your computer and do things with it that are not lawful so they can make a profit. Connecting your computer to the internet these days without as much protection as you can get is just plain crazy.