Zombie (computer science)

In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks (DDoS attacks) against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.


Advertising

Zombie computers have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly increases the spread of Trojan horses, as Trojans are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means. For similar reasons, zombies are also used to commit click fraud against sites displaying pay-per-click advertising. Others can host phishing or money mule recruiting websites.


Distributed denial-of-service attacks

Zombies can be used to conduct distributed denial-of-service (DDoS) attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server is intended to crash the site and prevent legitimate users from accessing it. A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodic flooding of websites, intended to slow down rather than crash a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.

The computing facilitated by the Internet of Things (IoT) has been productive for modern-day usage, but it has played a significant role in the increase in such web attacks. The potential of IoT enables every device to communicate efficiently, but this increases the need for policy enforcement regarding security threats. Among the attacks carried out through these devices, the most prominent is DDoS. Research has been conducted to study the impact of such attacks on IoT networks and their compensating provisions for defense.

Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the SPEWS service in 2003, and the one against the Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial-of-service attack mounted by "MafiaBoy", a Canadian teenager.
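The contrast drawn above between intense flooding and "pulsing" degradation-of-service can be seen from the defender's side in the following added example, which is not part of the original article. It runs a plain volume alarm and an autocorrelation-based periodicity check over constructed per-second request counts; the traffic shapes, the 2x alarm limit and the 0.5 correlation threshold are all assumptions chosen for illustration.

```python
import random
import statistics

def volume_alarm(counts, limit, window=30):
    """Volumetric alarm: True if any `window`-interval mean exceeds `limit`."""
    return any(statistics.fmean(counts[i:i + window]) > limit
               for i in range(len(counts) - window + 1))

def autocorr(counts, lag):
    """Autocorrelation of the series at `lag`, normalised by total variance."""
    mean = statistics.fmean(counts)
    var = sum((c - mean) ** 2 for c in counts)
    if var == 0:
        return 0.0
    cov = sum((counts[i] - mean) * (counts[i + lag] - mean)
              for i in range(len(counts) - lag))
    return cov / var

def pulse_period(counts, threshold=0.5):
    """Strongest repeating period (in intervals), or None if none stands out.

    A lag counts only if its autocorrelation is a local peak above
    `threshold`; a single long flood decays smoothly and has no such peak.
    """
    max_lag = len(counts) // 3
    r = [autocorr(counts, lag) for lag in range(max_lag + 2)]
    peaks = [lag for lag in range(2, max_lag + 1)
             if r[lag] > threshold and r[lag - 1] < r[lag] > r[lag + 1]]
    return max(peaks, key=lambda lag: r[lag], default=None)

# Constructed per-second request counts (600 s each), not real traffic.
rng = random.Random(1)
def baseline(n=600):
    return [rng.randint(90, 110) for _ in range(n)]

normal = baseline()
flood = baseline()
flood[270:330] = [2000] * 60                  # one minute of sustained flooding
pulsed = [c + 300 if i % 30 < 3 else c        # 3 s burst every 30 s
          for i, c in enumerate(baseline())]

LIMIT = 200                                   # assumed alarm: 2x normal mean rate
```

On this data the volume alarm fires only for the sustained flood, while the periodicity check flags only the pulsed series and reports its 30-second period.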


Smartphones

Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 "in the wild" release of the Sexy Space text message worm, the world's first botnet-capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, researcher Charlie Miller revealed a proof of concept text message worm for the iPhone at Black Hat Briefings. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. In the 2010s, the security community is divided as to the real-world potential of mobile botnets. But in an August 2009 interview with The New York Times, cyber security consultant Michael Gregg summarized the issue this way: "We are about at the point with smartphones that we were with desktops in the '80s."


See also

* BASHLITE
* Botnet
* Denial-of-service attack
* Low Orbit Ion Cannon
* Malware
* RDP shop
* Trojan horse (computing)



External links


* Botnet operation controlled 1.5 million PCs
* Intrusive analysis of a web-based proxy zombie network
* Correspondence between Steve Gibson and Wicked (http://radsoft.net/news/roundups/grc/wkd/)
* Zombie networks, comment spam, and referer [sic] spam
* The New York Times: Phone Hacking Threat is Low, But It Exists
* Hackers Target Cell Phones, WPLG-TV/ABC-10 Miami
* Researcher: BlackBerry Spyware Wasn't Ready for Prime Time
* SMobile Systems release solution for Etisalat BlackBerry spyware
* LOIC IRC-0 - An Open-Source IRC Botnet for Network Stress Testing
* An Open-Source IRC and Webpage Botnet for Network Stress Testing