What is a Zombie?


A zombie is a computer that is remotely controlled by an unauthorized entity. Most active zombies today are personal computers running the Microsoft Windows operating system that have been infected with malware. Other zombies may be compromised Windows Server or Linux webservers, office or factory computers, or even specialized purpose-built computers with high-speed Internet connections. Although an estimated 70-90% of Microsoft Windows computers are infected with some form of malware, only about one fifth of these, or roughly 15% of personal home computers, are active or dormant zombies. The term zombie derives from the classic meaning of the word: an animated corpse that carries out its master's wishes with no free will of its own. Similarly, zombie computers serve the entity that has compromised them, without regard for the will of the computer's legitimate owner or operator.

Zombies are used to conduct time-consuming or bandwidth-heavy operations at the expense of an anonymous victim. Additionally, zombies are useful for hiding one's identity, as the origin of the command that a zombie performs may be impossible to trace. Thus, zombies are often used for cracking networks, distributing spam, DDoS attacks, and performing other illegal activities. Some legal activities performed by zombies include webcrawling, auction sniping, and simulated human activity such as website viewing with the intention of skewing statistical software. Computers compromised as zombies often have spyware installed on them, which may collect email addresses to spam as well as sensitive financial information and passwords.

Most zombies participate in one or more botnets. A botnet is a network of zombies controlled in aggregate by a remote entity. While many of a zombie's functions can be carried out by a single machine, other functions can require hundreds or even thousands of computers working in tandem. For instance, distributed denial of service attacks are most effective when launched from many different IP addresses at different physical locations. Because webservers typically have more bandwidth available than home computers, a single home computer would not be able to perform a successful DDoS attack alone. Additionally, smart webserver firewalls would quickly block the attacker's IP address, neutralizing the attack. If the attack comes from many different IP addresses and targets multiple unrelated services on the server, a successful DDoS attack can be carried out with as few as 1000 personal computers. Zombies are ideal computers to use for this purpose, as they are relatively cheap, disposable, and, most importantly, anonymous.
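The paragraph above makes a detection point worth seeing in code: a per-IP firewall rule stops a single noisy host, but a botnet spreads its requests thinly across many sources and several unrelated paths, so no single IP ever crosses the limit. The following added example (not code from the original page) runs both checks over constructed access-log records; the thresholds and the log tuple layout are assumptions chosen for illustration.

```python
from collections import Counter

# Constructed sample access-log records (not real traffic): (second, source_ip, path).
# Case 1: one host hammering /login at 60 requests per minute. A per-IP limit catches this.
SINGLE_SOURCE = [(t, "203.0.113.5", "/login") for t in range(60)]

# Case 2: 200 hosts, each sending only 3 requests in the minute, spread over four
# unrelated paths. No single IP looks abusive, but the aggregate rate is ten times higher.
PATHS = ["/", "/api/search", "/images/logo.png", "/checkout"]
DISTRIBUTED = [(i // 10, f"198.51.100.{i % 200 + 1}", PATHS[i % 4]) for i in range(600)]


def per_ip_offenders(records, per_ip_limit=20):
    """What a per-IP firewall rule sees: count requests per source and return
    the set of IPs it would block. The limit is an assumed illustrative value."""
    counts = Counter(ip for _, ip, _ in records)
    return {ip for ip, n in counts.items() if n > per_ip_limit}


def aggregate_anomaly(records, baseline_rpm=120, min_sources=50, min_paths=3):
    """Look at the whole window instead of one IP at a time: overall request rate,
    number of distinct sources and number of distinct targets. A burst is flagged
    as distributed only when the rate is well above baseline AND it is spread across
    many sources and several paths, which is the pattern per-IP blocking cannot see.
    Thresholds are assumptions, not figures from the page."""
    total = len(records)
    seconds = {t for t, _, _ in records}
    span = max(seconds) - min(seconds) + 1          # window length in seconds
    rpm = total * 60 / span                          # requests per minute over the window
    sources = {ip for _, ip, _ in records}
    paths = {p for _, _, p in records}
    distributed = (rpm > 3 * baseline_rpm
                   and len(sources) >= min_sources
                   and len(paths) >= min_paths)
    return {"rpm": rpm, "sources": len(sources), "paths": len(paths),
            "distributed": distributed}


if __name__ == "__main__":
    for name, log in (("single source", SINGLE_SOURCE), ("distributed", DISTRIBUTED)):
        print(name, "per-IP blocks:", per_ip_offenders(log) or "none",
              "| aggregate:", aggregate_anomaly(log))
```

The single-source case is caught by the per-IP rule alone, while the distributed case produces an empty block list and is only visible to the aggregate check.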
