Zombie (computer science)
In computer science, a "zombie" refers to a computer that is remotely controlled by an external operator without the user's consent, often as a result of malware infection. Zombies, commonly called bots, continue to function normally but usually exhibit slower performance. They are primarily exploited for illegal activities, such as spreading malware and conducting hacking operations. The process of creating a zombie typically involves various forms of malware, including viruses, Trojan horses, and spyware, which infiltrate the system without the user's knowledge.
Zombies are often organized into networks known as botnets, which allow attackers to control multiple infected computers simultaneously. These botnets can be utilized for various malicious purposes, including sending spam emails and executing distributed denial of service (DDoS) attacks, which overwhelm servers by flooding them with requests. Symptoms of a zombie infection may include unusual system sluggishness, excessive outgoing messages, and an inability to update antivirus software. To protect against zombie infections, experts recommend using reputable antivirus tools and practicing safe browsing habits.
A zombie, also called a bot, refers to any computer remotely under the control of another operator without the original computer user's consent. Zombie computers are often created by viruses and other malicious software called malware. The primary user does not often know that his or her computer has become a zombie. The computer still functions normally but usually works at a slower rate. Zombie computers are often used for illegal activities, such as spreading malware and hacking.
[Figure: A diagram of the process by which spammers use zombie (virus-infected) computers to send spam. Image by Bash at English Wikipedia, GFDL or CC-BY-SA-3.0, via Wikimedia Commons.]
Background
Malware is malicious programming installed without a computer user's knowledge or approval. Malware includes computer viruses, Trojan horses, spyware, adware, rootkits, and ransomware, and it is often difficult to remove. Many types of malware are used to turn an uninfected computer into a zombie. In fact, any code capable of installing additional files can be used to create a zombie computer.
While many of these malware labels are often used interchangeably, they all refer to subtly different types of code. A computer virus is any piece of self-replicating code that causes damage to the computer. A Trojan horse is a type of malware that is disguised as, or attached to, a legitimate computer program; it tricks users into downloading it and then installs itself on the computer. Spyware tracks the user's Internet history, keystrokes, or other sensitive information and sends it to a third party. Adware displays large numbers of unauthorized advertisements on a computer, often with the intent of stealing credit card information. Rootkits are subtle, difficult-to-remove malware that gives unauthorized users access to a computer. Ransomware encrypts the contents of a computer's hard drive and provides the tools needed to restore the files only after a large monetary payment has been made to the attacker.
Experts advise computer users to regularly run and update reputable antivirus software on their computers to detect malware. They also advise computer users to download only files from websites they trust and to never open email attachments that look suspicious. If reputable antivirus software fails to remove symptoms of malware, most experts advise contacting a professional for help.
Overview
Zombies are primarily used to create specialized networks called botnets, or zombie armies. In these circumstances, the controlling computer, often called the host computer, is not in constant contact with the zombie computers. Instead, the zombie computers are programmed to listen constantly for commands from the host computer. The host computer will issue commands whenever the attacker sees fit, and the zombie computers will follow those commands.
The Sub7 Trojan horse and the Pretty Park virus created the first botnets in 1999. They were the first programs to infect large numbers of computers with a remote access tool, allowing one central computer to access many other computers at once. Sub7 also offered remote keylogging tools, allowing the botnet controller to harvest massive amounts of personal information. Within a few years, various botnets had been created. Spybot, developed in 2003, was the first botnet exclusively built for data mining, the process of collecting personal information in large quantities.
Soon after the development of Spybot, criminals began to realize botnets' potential for illicit activities. Early spam emails, which were used to spread malware and advertisements, were originally sent from centralized server farms. With botnets, however, thousands or millions of computers could be used to send spam, and criminals no longer needed to pay for server upkeep or find a place to store physical servers. Centralized spamming also had a single point of failure: if the authorities seized or shut down the server farm, the operation stopped. Shutting down a botnet instead requires finding and apprehending whoever controls it, which is incredibly difficult. Modern botnets can generate fake names and locations for their controlling server on a daily basis. They can also encrypt these fake credentials, making them appear legitimate and forcing authorities to spend time decoding false information.
In addition to spam, botnets are often used in distributed denial of service (DDoS) attacks, which are used to shut down access to a webpage. Webpages are hosted on servers, and a server can process only a finite number of requests in any given period. A DDoS attack sends more requests to the server than it can process, overloading it. An overloaded server can no longer respond to requests, so no other computers can view the websites hosted on it. Traditionally, a small number of powerful computers carried out DDoS attacks. Using a botnet, thousands of computers can be ordered to access the same server at once, and this massive number of sustained requests overloads the server. Because the traffic comes from so many sources, such botnet attacks are more difficult to shut down than a traditional DDoS attack.
Computers that are part of a botnet display several symptoms. For example, some computers connected to a botnet will send large amounts of outgoing messages. Others will activate their fans and cooling systems when the primary user is not running demanding programs. This indicates that the botnet is utilizing a large percentage of the computer's resources. Additionally, some botnets will cause computers to start up and shut down extremely slowly or cause programs on the computer to run at a drastically reduced speed. Lastly, some botnets will stop the computer from updating its operating system or updating any antivirus software. This is because newer variants of the operating system may stop the botnet from operating, and newer versions of antivirus software may be able to remove the virus that created the zombie.
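Two of the signs described above, a machine sending large numbers of outgoing messages and a machine that regularly checks in with its controller for commands (see the Overview), can be checked for in outbound-connection logs. The following is an added example, not code from the original article: it runs over a constructed log in an assumed "timestamp source destination port" format, and the thresholds are illustrative rather than tuned values.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed outbound-connection log (not captured traffic), one connection
# per line: "<epoch seconds> <source ip> <destination ip> <destination port>"
SAMPLE_LOG = """
1000 10.0.0.5 203.0.113.9 443
1600 10.0.0.5 203.0.113.9 443
2200 10.0.0.5 203.0.113.9 443
2800 10.0.0.5 203.0.113.9 443
1005 10.0.0.5 198.51.100.1 25
1009 10.0.0.5 198.51.100.2 25
1014 10.0.0.5 198.51.100.3 25
1021 10.0.0.5 198.51.100.4 25
1000 10.0.0.7 203.0.113.50 443
1300 10.0.0.7 203.0.113.50 443
2100 10.0.0.7 203.0.113.50 443
2150 10.0.0.7 203.0.113.50 443
"""

def parse_log(text):
    """Parse log lines into (timestamp, src, dst, port) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        records.append((int(ts), src, dst, int(port)))
    return records

def find_spam_senders(records, threshold=3):
    """Hosts opening more than `threshold` direct outbound SMTP connections."""
    counts = defaultdict(int)
    for _, src, _, port in records:
        if port == 25:  # a workstation normally relays through one mail server
            counts[src] += 1
    return sorted(src for src, n in counts.items() if n > threshold)

def find_beacons(records, min_events=4, max_cv=0.1):
    """Flows recurring at near-constant intervals (gap stdev/mean <= max_cv)."""
    flows = defaultdict(list)
    for ts, src, dst, port in records:
        flows[(src, dst, port)].append(ts)
    hits = []
    for key, stamps in flows.items():
        if len(stamps) < min_events:
            continue
        stamps = sorted(stamps)
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv:
            hits.append(key)
    return sorted(hits)
```

In the constructed data, 10.0.0.5 is flagged by both checks (four direct SMTP connections and a 600-second check-in to one external host), while 10.0.0.7's irregular browsing is not.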