- The seemingly endless spate of worm infestations over
the last year has left something even more troubling in its wake: armies
of zombie PCs that can be used to send spam, attack Web sites, and generally
wreak havoc over the Internet.
-
- Worms such as Sobig, MyDoom, and Bagle have been identified
as containing malicious code (malware) that allows remote attackers to
take over infected machines--while their victims are blithely oblivious.
-
- Spreading Nasties
-
- UK security firm Sophos estimates that 40 percent of
spam is now sent by zombie machines. Sandvine, a network security firm,
puts the figure at 80 percent. Distributed computing company Akamai blames
zombie PCs for a denial-of-service attack that briefly blacked out sites
like Google, Microsoft, and Yahoo in June. Reuters reports that British
teen hackers are hiring out their zombie networks for around $100 an hour.
-
- Besides relaying spam and launching DoS attacks, a zombie
machine can be used to send phishing scams, spread viruses, download pornography,
and steal personal information, says Carole Theriault, a Sophos security
consultant.
-
- "Basically, it is a complete invasion of privacy
that can leave you penniless, can have your computer send out all kinds
of nasties to innocent computers, and as part of the collective--sorry
for Star Trek terminology--contribute to the cyberhavoc going around,"
Theriault says.
-
- Are You a Zombie?
-
- Sophos estimates half a million zombie PCs are operating
worldwide; other sources put the figure as high as two million. A recent
EarthLink study hinted at widespread malware installations. Those numbers
are likely to climb even further, says Steve Gibson, president of Gibson
Research Corporation and well-known PC security guru.
-
- "There's a tremendous incentive for hackers to infect
other people's PCs," Gibson says. "They don't care about your
financial records, letters to your mother, or pictures of your family album.
All that machine represents is bandwidth they can use for targeting other
people."
-
- Determining whether your PC is a zombie isn't always
easy, says Fred Felman, vice president of marketing for Zone Labs, a San
Francisco security software maker. Symptoms can include a suddenly sluggish
broadband connection, excessive hard drive activity, an unresponsive mouse
or keyboard, or bounce notifications in your inbox from people you never
tried to contact. Yet you could show all of these symptoms and still not
be infected.
-
- Experts agree that you can reduce your risk by installing
a personal firewall and antivirus software, and by keeping your Windows
updates current. Yet most home users remain woefully unprotected. A study conducted
in May 2003 by the National Cyber Security Alliance found that two-thirds
of home users did not have a properly configured firewall.
-
- Later this summer Microsoft plans to release XP Service
Pack 2, which will feature a beefed-up firewall and other security enhancements
designed to reduce remote access to PCs. But Gibson fears widespread adoption
of SP2 will cause new problems by creating a single point of attack for
malware to defeat.
-
- Good Fences, Good Neighbors
-
- Even security-savvy users are at risk. Zone Labs' Felman
says his own notebook was infected by the Sasser worm while he was attempting
to uninstall one firewall and install another. He says users need to take
a neighborhood-watch approach to fighting malware.
-
- "We're all responsible for looking out for weird
behavior in airports and our neighborhoods; we should also be looking out
for weird behavior on the network," he says. "And we need to
start by looking at our own machines."
-
- http://www.pcworld.com/news/article/0,aid,116841,00.asp