Zombie (computing): Difference between revisions

Content deleted Content added

Inline

Latest revision as of 03:21, 22 December 2024

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks (DDoS attacks) against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own.^[1] A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.

Advertising

Zombie computers have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers.^[2] This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly increases the spread of Trojan horses, as Trojans are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.^[3] For similar reasons, zombies are also used to commit click fraud against sites displaying pay-per-click advertising. Others can host phishing or money mule recruiting websites.

Distributed denial-of-service attacks

Zombies can be used to conduct distributed denial-of-service (DDoS) attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server is intended to result in crashing and the prevention of legitimate users from accessing the site.^[4] A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites intended to slow down rather than crash a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.^[5]

The computing facilitated by the Internet of Things (IoT) has been productive for modern-day usage, yet it has played a significant role in the increase in web attacks. The potential of IoT enables every device to communicate efficiently, but this also intensifies the need for policy enforcement regarding security threats. Among these threats, Distributed Denial-of-Service (DDoS) attacks are prevalent. Research has been conducted to study the impact of such attacks on IoT networks and to develop compensating provisions for defense.^[6] Consultation services specialized in IoT security, such as those offered by IoT consulting firms^{[dead link‍]}, play a vital role in devising comprehensive strategies to safeguard IoT ecosystems from cyber threats.

Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the SPEWS service in 2003, and the one against Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by 'MafiaBoy', a Canadian teenager.

Smartphones

Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 in the "wild" release of the Sexy Space text message worm, the world's first botnet capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, researcher Charlie Miller revealed a proof of concept text message worm for the iPhone at Black Hat Briefings. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. In the 2010s, the security community is divided as to the real world potential of mobile botnets. But in an August 2009 interview with The New York Times, cyber security consultant Michael Gregg summarized the issue this way: "We are about at the point with [smart]phones that we were with desktops in the '80s."^[7]

References

^ "Zombie - Port Security". August 3, 2021.
^ Tom Spring (June 20, 2005). "Spam Slayer: Slaying Spam-Spewing Zombie PCs". PC World. Archived from the original on July 16, 2017. Retrieved December 19, 2015.
^ White, Jay D. (2007). Managing Information in the Public Sector. M.E. Sharpe. p. 221. ISBN 978-0-7656-1748-4.
^ Weisman, Steve (2008). The Truth about Avoiding Scams. FT Press. p. 201. ISBN 978-0-13-233385-6.
^ Schwabach, Aaron (2006). Internet and the Law. ABC-CLIO. p. 325. ISBN 1-85109-731-7.
^ Lohachab, Ankur; Karambir, Bidhan (September 1, 2018). "Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks". Journal of Communications and Information Networks. 3 (3): 57–78. doi:10.1007/s41650-018-0022-5. ISSN 2509-3312. S2CID 52924506.
^ Furchgott, Roy (August 14, 2009). "Phone Hacking Threat Is Low, but it Exists". Gadgetwise Blog. New York Times. Archived from the original on July 16, 2017. Retrieved July 16, 2017.

External links

Botnet operation controlled 1.5 million PCs
Is Your PC a Zombie? on About.com Archived July 24, 2011, at the Wayback Machine
A detailed account of what a zombie machine looks like and what it takes to "fix" it Archived April 27, 2006, at the Wayback Machine

[1] "Zombie - Port Security". August 3, 2021.

[2] Tom Spring (June 20, 2005). "Spam Slayer: Slaying Spam-Spewing Zombie PCs". PC World. Archived from the original on July 16, 2017. Retrieved December 19, 2015.

[3] White, Jay D. (2007). Managing Information in the Public Sector. M.E. Sharpe. p. 221. ISBN 978-0-7656-1748-4.

[4] Weisman, Steve (2008). The Truth about Avoiding Scams. FT Press. p. 201. ISBN 978-0-13-233385-6.

[5] Schwabach, Aaron (2006). Internet and the Law. ABC-CLIO. p. 325. ISBN 1-85109-731-7.

[6] Lohachab, Ankur; Karambir, Bidhan (September 1, 2018). "Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks". Journal of Communications and Information Networks. 3 (3): 57–78. doi:10.1007/s41650-018-0022-5. ISSN 2509-3312. S2CID 52924506.

[7] Furchgott, Roy (August 14, 2009). "Phone Hacking Threat Is Low, but it Exists". Gadgetwise Blog. New York Times. Archived from the original on July 16, 2017. Retrieved July 16, 2017.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

@@ Line 2: / Line 2: @@
 {{Use mdy dates|date=July 2017}}
 {{About|the term "zombie" in computer security|"zombie" in UNIX programming|Zombie process}}
-{{Information security}}
-In [[computing]], a '''zombie''' is a computer connected to the Internet that has been [[computer security|compromised]] by a [[Hacker (computer security)|hacker]] via a [[computer virus]], [[computer worm]], or [[Trojan horse (computing)|trojan horse]] program and can be used to  perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a [[botnet]] controlled by the hacker, and are used for activities such as spreading [[e-mail spam]] and launching [[distributed denial-of-service attack]]s (DDoS attacks) against web servers.  Most victims are unaware that their computers have become zombies. The concept is similar to the [[zombie]] of [[Haitian Voodoo]] folklore, which refers to a corpse resurrected by a [[Sorcerer (supernatural)|sorcerer]] via magic and is enslaved to the sorcerer's commands, having no free will of its own.<ref>{{Cite web|url=https://www.ccexpert.us/port-security/zombie.html|title = Zombie - Port Security|date = August 3, 2021}}</ref> A coordinated [[DDoS attack]] by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional [[zombie film]]s.
+In [[computing]], a '''zombie''' is a computer connected to the Internet that has been [[computer security|compromised]] by a [[Hacker (computer security)|hacker]] via a [[computer virus]], [[computer worm]], or [[Trojan horse (computing)|trojan horse]] program and can be used to  perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a [[botnet]] controlled by the hacker, and are used for activities such as spreading [[e-mail spam]] and launching [[distributed denial-of-service attack]]s (DDoS attacks) against web servers.  Most victims are unaware that their computers have become zombies. The concept is similar to the [[zombie]] of [[Haitian Voodoo]] folklore, which refers to a corpse resurrected by a [[Sorcerer (supernatural)|sorcerer]] via magic and enslaved to the sorcerer's commands, having no free will of its own.<ref>{{Cite web|url=https://www.ccexpert.us/port-security/zombie.html|title = Zombie - Port Security|date = August 3, 2021}}</ref> A coordinated [[DDoS attack]] by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional [[zombie film]]s.
 [[File:Circle of spam.svg|300px|right|thumb|(1)&nbsp;Spammer's web site (2)&nbsp;Spammer (3)&nbsp;Spamware (4)&nbsp;Infected computers (5)&nbsp;Virus or trojan (6)&nbsp;Mail servers (7)&nbsp;Users (8)&nbsp;Web traffic]]
@@ Line 10: / Line 9: @@
 ==Advertising==
-Zombie computers have been used extensively to send e-mail spam; as of 2005, an estimated 50&ndash;80% of all spam worldwide was sent by zombie computers.<ref>{{Cite web |author=Tom Spring |date=June 20, 2005 |url=http://www.pcworld.com/article/121381/article.html |title=Spam Slayer: Slaying Spam-Spewing Zombie PCs |publisher=PC World |access-date=December 19, 2015|archive-date=July 16, 2017|archive-url=https://web.archive.org/web/20170716042122/http://www.pcworld.com/article/121381/article.html|url-status=live}}</ref> This allows [[spammer]]s to avoid detection and presumably reduces their [[Bandwidth (computing)|bandwidth]] costs, since the owners of zombies pay for their own bandwidth. This spam also greatly increases the spread of Trojan horses, as Trojans are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.<ref>{{cite book|title=Managing Information in the Public Sector|page=221|first=Jay D.|last=White|publisher=M.E. Sharpe|year=2007|isbn=978-0-7656-1748-4}}</ref> For similar reasons, zombies are also used to commit [[click fraud]] against sites displaying [[pay-per-click]] advertising. Others can host [[phishing]] or [[money mule]] recruiting websites.
+Zombie computers have been used extensively to send [[Email spam|e-mail spam]]; as of 2005, an estimated 50&ndash;80% of all spam worldwide was sent by zombie computers.<ref>{{Cite web |author=Tom Spring |date=June 20, 2005 |url=http://www.pcworld.com/article/121381/article.html |title=Spam Slayer: Slaying Spam-Spewing Zombie PCs |publisher=PC World |access-date=December 19, 2015|archive-date=July 16, 2017|archive-url=https://web.archive.org/web/20170716042122/http://www.pcworld.com/article/121381/article.html|url-status=live}}</ref> This allows [[spammer]]s to avoid detection and presumably reduces their [[Bandwidth (computing)|bandwidth]] costs, since the owners of zombies pay for their own bandwidth. This spam also greatly increases the spread of [[Trojan horse (computing)|Trojan horses]], as Trojans are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means.<ref>{{cite book|title=Managing Information in the Public Sector|page=221|first=Jay D.|last=White|publisher=M.E. Sharpe|year=2007|isbn=978-0-7656-1748-4}}</ref> For similar reasons, zombies are also used to commit [[click fraud]] against sites displaying [[pay-per-click]] advertising. Others can host [[phishing]] or [[money mule]] recruiting websites.
 == Distributed denial-of-service attacks ==
 Zombies can be used to conduct [[distributed denial-of-service]] (DDoS) attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server is intended to result in crashing and the prevention of legitimate users from accessing the site.<ref>{{cite book|title=The Truth about Avoiding Scams|page=[https://archive.org/details/truthaboutavoidi0000weis/page/201 201]|first=Steve|last=Weisman|publisher=FT Press|year=2008|isbn=978-0-13-233385-6|url-access=registration|url=https://archive.org/details/truthaboutavoidi0000weis/page/201}}</ref> A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites intended to slow down rather than crash a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.<ref>{{cite book|title=Internet and the Law|year=2006|page=325|first=Aaron|last=Schwabach|publisher=ABC-CLIO|isbn=1-85109-731-7}}</ref>
-The computing facilitated by [[Internet of things|Internet of Things]] (IoT) has been productive for modern day usage but it has played a significant role in the increase in such web attacks. The potential of IoT enables every device to communicate efficiently but this increases the need of policy enforcement regarding the security threats. Through these devices, the most prominent attacking behaviors is the DDoS. Research has been conducted to study the impact of such attacks on IoT networks and their compensating provisions for defense.<ref>{{Cite journal|last1=Lohachab|first1=Ankur|last2=Karambir|first2=Bidhan|date=2018-09-01|title=Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks|url=https://doi.org/10.1007/s41650-018-0022-5|journal=Journal of Communications and Information Networks|language=en|volume=3|issue=3|pages=57–78|doi=10.1007/s41650-018-0022-5|s2cid=52924506|issn=2509-3312}}</ref>
+The computing facilitated by the [[Internet of things|Internet of Things]] (IoT) has been productive for modern-day usage, yet it has played a significant role in the increase in web attacks. The potential of IoT enables every device to communicate efficiently, but this also intensifies the need for policy enforcement regarding security threats. Among these threats, Distributed Denial-of-Service (DDoS) attacks are prevalent. Research has been conducted to study the impact of such attacks on IoT networks and to develop compensating provisions for defense.<ref>{{Cite journal|last1=Lohachab|first1=Ankur|last2=Karambir|first2=Bidhan|date=2018-09-01|title=Critical Analysis of DDoS—An Emerging Security Threat over IoT Networks|url=https://doi.org/10.1007/s41650-018-0022-5|journal=Journal of Communications and Information Networks|language=en|volume=3|issue=3|pages=57–78|doi=10.1007/s41650-018-0022-5|s2cid=52924506|issn=2509-3312}}</ref> Consultation services specialized in IoT security, such as those offered by [https://gravitechdreams.com/service/iot-consulting/ IoT consulting firms]{{dead link|date=December 2024|bot=medic}}{{cbignore|bot=medic}}, play a vital role in devising comprehensive strategies to safeguard IoT ecosystems from cyber threats.
-Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the [[Spam Prevention Early Warning System|SPEWS]] service in 2003, and the one against [[Blue Frog]] service in 2006. In 2000, several prominent Web sites ([[Yahoo]], [[eBay]], etc.) were clogged to a standstill by a distributed denial of service attack mounted by ‘[[MafiaBoy]]’, a Canadian teenager.
+Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the [[Spam Prevention Early Warning System|SPEWS]] service in 2003, and the one against [[Blue Frog]] service in 2006. In 2000, several prominent Web sites ([[Yahoo]], [[eBay]], etc.) were clogged to a standstill by a distributed denial of service attack mounted by '[[MafiaBoy]]', a Canadian teenager.
 == Smartphones ==
@@ Line 38: / Line 37: @@
 {{external links|date=May 2017}}
 *[https://web.archive.org/web/20061230152432/http://www.vnunet.com/vnunet/news/2144375/botnet-operation-ruled-million Botnet operation controlled 1.5 million PCs]
-*[http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm Is Your PC a Zombie? on About.com]
+*[http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm Is Your PC a Zombie? on About.com] {{Webarchive|url=https://web.archive.org/web/20110724184532/http://antivirus.about.com/od/whatisavirus/a/zombiepc.htm |date=July 24, 2011 }}
+*[http://tweezersedge.com/archives/2005/02/000534.html A detailed account of what a zombie machine looks like and what it takes to "fix" it] {{Webarchive|url=https://web.archive.org/web/20060427120006/http://tweezersedge.com/archives/2005/02/000534.html |date=April 27, 2006 }}
-*[http://lowkeysoft.com/proxy/ Intrusive analysis of a web-based proxy zombie network]
-*[http://tweezersedge.com/archives/2005/02/000534.html A detailed account of what a zombie machine looks like and what it takes to "fix" it]
+{{Information security}}
-*[http://radsoft.net/news/roundups/grc/wkd/ Correspondence between Steve Gibson and Wicked]
-*[http://johnbokma.com/mexit/2006/01/16/zombie-comment-spam-referer-spam.html Zombie networks, comment spam, and referer [sic&#93; spam]
-*[http://gadgetwise.blogs.nytimes.com/2009/08/14/phone-hacking-threat-is-low-but-it-exists/ The New York Times: Phone Hacking Threat is Low, But It Exists]
-*[https://www.youtube.com/watch?v=lqB-0sI8e-4 Hackers Target Cell Phones, WPLG-TV/ABC-10 Miami]
-*[https://www.wired.com/threatlevel/2009/07/blackberry-spyware/ Researcher: BlackBerry Spyware Wasn’t Ready for Prime Time]
-*[https://www.forbes.com/2009/07/28/hackers-iphone-apple-technology-security-hackers.html Forbes: How to Hijack Every iPhone in the World]
-*[https://www.pcworld.com/article/173089/hackers_plan_to_clobber_the_cloud_spy_on_blackberries.html Hackers Plan to Clobber the Cloud, Spy on Blackberries]
-*[https://web.archive.org/web/20091024033302/http://www.blackberrycool.com/2009/07/16/smobile-systems-release-solution-for-etisalat-blackberry-spyware/ SMobile Systems release solution for Etisalat BlackBerry spyware]
-* [https://sourceforge.net/projects/loic-irc-0/ LOIC IRC-0 - An Open-Source IRC Botnet for Network Stress Testing]
-* [https://sourceforge.net/projects/loic-slow-irc/ An Open-Source IRC and Webpage Botnet for Network Stress Testing]
 {{Malware}}
 [[Category:Computer network security]]
 [[Category:Denial-of-service attacks]]

v t e Information security
Related security categories	Computer security Automotive security Cybercrime Cybersex trafficking Computer fraud Cybergeddon Cyberterrorism Cyberwarfare Electromagnetic warfare Information warfare Internet security Mobile security Network security Copy protection Digital rights management	vectorial version
Threats	Adware Advanced persistent threat Arbitrary code execution Backdoors Bombs Fork Logic Time Zip Hardware backdoors Code injection Crimeware Cross-site scripting Cross-site leaks DOM clobbering History sniffing Cryptojacking Botnets Data breach Drive-by download Browser Helper Objects Viruses Data scraping Denial-of-service attack Eavesdropping Email fraud Email spoofing Exploits Fraudulent dialers Hacktivism Infostealer Insecure direct object reference Keystroke loggers Malware Payload Phishing Voice Polymorphic engine Privilege escalation Ransomware Rootkits Scareware Shellcode Spamming Social engineering Spyware Software bugs Trojan horses Hardware Trojans Remote access trojans Vulnerability Web shells Wiper Worms SQL injection Rogue security software Zombie
Defenses	Application security Secure coding Secure by default Secure by design Misuse case Computer access control Authentication Multi-factor authentication Authorization Computer security software Antivirus software Security-focused operating system Data-centric security Obfuscation (software) Data masking Encryption Firewall Intrusion detection system Host-based intrusion detection system (HIDS) Anomaly detection Information security management Information risk management Security information and event management (SIEM) Runtime application self-protection Site isolation

v t e Malware topics
Infectious malware	Comparison of computer viruses Computer virus Computer worm List of computer worms Timeline of computer viruses and worms
Concealment	Backdoor Clickjacking Man-in-the-browser Man-in-the-middle Rootkit Trojan horse Zombie computer
Malware for profit	Adware Botnet Crimeware Fleeceware Form grabbing Fraudulent dialer Infostealer Keystroke logging Malbot Privacy-invasive software Ransomware Rogue security software Scareware Spyware Web threats
By operating system	Android malware Classic Mac OS viruses iOS malware Linux malware MacOS malware Macro virus Mobile malware Palm OS viruses HyperCard viruses
Protection	Anti-keylogger Antivirus software Browser security Data loss prevention software Defensive computing Firewall Internet security Intrusion detection system Mobile security Network security
Countermeasures	Computer and network surveillance Honeypot Operation: Bot Roast