A zombie computer, or “bot”, is a machine that an unauthorized person has gained control over. The infection typically arrives through a malicious website, a malicious email attachment or link, or a tainted USB thumb drive. Once installed, the zombie patiently waits to be summoned to perform some nefarious task, often as part of an army of tens of thousands or even millions of zombie PCs called a botnet.
Attackers can access lists of zombie PCs and activate them to help execute denial-of-service (DoS) attacks against websites, to host phishing websites, or to send spam email. Because the traffic originates from the zombies rather than from the attacker, tracing an attack back to its source leads only to an unwitting victim rather than to the true attacker.
Zombie infections are good at hiding, so they go unnoticed and escape removal: they often use file and process names similar or even identical to those of normal system files and processes, so users won’t think twice if they do see them. Fortinet, a network security company, recently issued a “zombie awareness month” computer survival guide to help users defend against a zombie invasion.
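One way to surface the look-alike trick described above is to compare each running process’s name and image directory against a short table of core Windows binaries and their expected locations: an exact name loaded from the wrong directory, or a near-miss name such as scvhost.exe, is worth a closer look. The following is an added example, not code from the Fortinet guide or this article; the table of known binaries, the path normalization and the process list are constructed assumptions rather than data from a real machine.

```python
"""Flag processes whose names impersonate well-known Windows system binaries.

Added example (not from the Fortinet guide).  The known-binary table assumes a
default Windows install on the C: drive; SAMPLE_PROCESSES is a constructed
process list, not one captured from a real host.
"""

import difflib
from dataclasses import dataclass

# Expected on-disk directory for a few core Windows binaries (assumption:
# default install on C:).  Keys and values are compared case-insensitively.
KNOWN_SYSTEM_BINARIES = {
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
}

# Similarity threshold for "almost the same name" (e.g. scvhost.exe, svch0st.exe).
NEAR_MISS_CUTOFF = 0.85


@dataclass
class Proc:
    pid: int
    name: str   # image file name, e.g. "svchost.exe"
    path: str   # directory the image was loaded from


def _normalize_dir(path):
    """Lower-case and strip a trailing backslash so paths compare reliably."""
    return path.lower().rstrip("\\")


def classify(proc):
    """Return None if the process looks legitimate, otherwise a short reason."""
    name = proc.name.lower()
    expected_dir = KNOWN_SYSTEM_BINARIES.get(name)
    if expected_dir is not None:
        # Exact system-binary name: legitimate only from its expected directory.
        if _normalize_dir(proc.path) != expected_dir:
            return f"system binary name from unexpected path {proc.path}"
        return None
    # Not a known name: check whether it is a near-miss of one.
    close = difflib.get_close_matches(
        name, KNOWN_SYSTEM_BINARIES, n=1, cutoff=NEAR_MISS_CUTOFF
    )
    if close:
        return f"name resembles {close[0]}"
    return None


def find_suspicious(procs):
    """Return (pid, name, reason) for every process that classify() flags."""
    flagged = []
    for proc in procs:
        reason = classify(proc)
        if reason is not None:
            flagged.append((proc.pid, proc.name, reason))
    return flagged


# Constructed sample: two legitimate system processes, one svchost.exe running
# from a user profile directory, one near-miss name, and two benign extras.
SAMPLE_PROCESSES = [
    Proc(4, "svchost.exe", r"C:\Windows\System32"),
    Proc(612, "explorer.exe", r"C:\Windows"),
    Proc(1337, "svchost.exe", r"C:\Users\alice\AppData\Roaming\update"),
    Proc(2048, "scvhost.exe", r"C:\Windows\System32"),
    Proc(3001, "lsass.exe", r"C:\Windows\System32"),
    Proc(4100, "notepad.exe", r"C:\Windows\System32"),
]

if __name__ == "__main__":
    for pid, name, reason in find_suspicious(SAMPLE_PROCESSES):
        print(f"PID {pid:>5}  {name:<14} {reason}")
```

On a real Windows host the same check can be fed from the output of `Get-Process` in PowerShell (its `Path` property gives the full image path, so take the directory part), and the known-binary table should be extended to cover the binaries you actually care about. The check is a triage aid, not proof of infection: a legitimately relocated binary will also be flagged, which is why the reason string is kept alongside the PID for a human to judge.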
According to the guide, the most likely way a computer becomes infected is by its user landing on a malicious link. Short, cryptic messages telling users to watch a video clip or asking “Is this you in this video?”, and containing a shortened or obfuscated link that hides the true destination URL, have plagued Facebook and other social networks. Even after clicking the malicious link, you may be unaware that your PC has been compromised or infected. The invader will then try to send the same message, with the same cryptic video link, to your contacts, but your friends may find the message suspicious and wonder why you would send them a video link.
As the Fortinet guide explains, a smart friend will ping you and ask, “Why did you send this video to me?” If you know you didn’t send a video link to your friend, you can pretty much bet that you’ve become infected or that your account has been compromised.
Antimalware utilities, if you keep them up to date with the latest signatures, will proactively protect a PC from most zombie or bot infections. But the signature-based security model always has a lag that leaves your system vulnerable to a new attack while the security vendor develops detection for the new threat. The best way to disable a zombie infection and then kill it is to quarantine it, and the best way to do that is to disconnect the suspected zombie from the network. As the Fortinet guide says, “Then run a virus scan, which, if your software’s up to date, should find it and rub it out.”
The guide concludes: “Zombie computers can be quite devious; therefore, the best line of defence is to prevent infection in the first place. An initial infection can grow worse over time, which means using antivirus software, a firewall and so-called unified threat management (UTM).” The very best defence, though, is common sense along with a healthy dose of scepticism. User awareness is an IT administrator’s friend: the user who contacts the source of a funny-video message to tell that person the message looked suspicious, and to warn them that their PC may be a zombie.