In computing, a zombie is a computer connected to the Internet that has been compromised by a hacker via a computer virus, computer worm, or trojan horse program and can be used to perform malicious tasks under the remote direction of the hacker. Zombie computers often coordinate together in a botnet controlled by the hacker, and are used for activities such as spreading e-mail spam and launching distributed denial-of-service attacks (DDoS attacks) against web servers. Most victims are unaware that their computers have become zombies. The concept is similar to the zombie of Haitian Voodoo folklore, which refers to a corpse resurrected by a sorcerer via magic and enslaved to the sorcerer's commands, having no free will of its own. A coordinated DDoS attack by multiple botnet machines also resembles a "zombie horde attack", as depicted in fictional zombie films.
Advertising
Zombie computers have been used extensively to send e-mail spam; as of 2005, an estimated 50–80% of all spam worldwide was sent by zombie computers. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of zombies pay for their own bandwidth. This spam also greatly increases the spread of Trojan horses, as Trojans are not self-replicating. They rely on the movement of e-mails or spam to grow, whereas worms can spread by other means. For similar reasons, zombies are also used to commit click fraud against sites displaying pay-per-click advertising. Others can host phishing or money mule recruiting websites.
Distributed denial-of-service attacks
Zombies can be used to conduct distributed denial-of-service (DDoS) attacks, a term which refers to the orchestrated flooding of target websites by large numbers of computers at once. The large number of Internet users making simultaneous requests of a website's server is intended to result in crashing and the prevention of legitimate users from accessing the site. A variant of this type of flooding is known as distributed degradation-of-service. Committed by "pulsing" zombies, distributed degradation-of-service is the moderated and periodical flooding of websites intended to slow down rather than crash a victim site. The effectiveness of this tactic springs from the fact that intense flooding can be quickly detected and remedied, but pulsing zombie attacks and the resulting slow-down in website access can go unnoticed for months and even years.
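As an added illustration (not part of the original article), the Python sketch below shows why a fixed rate threshold misses pulsing traffic while a periodicity check on the same request counts flags it. The traffic series, the 300-requests-per-minute limit and all function names are constructed assumptions.

```python
import random

def peak_threshold_alert(series, limit):
    """Classic flood check: alert when any interval exceeds a fixed request rate."""
    return any(v > limit for v in series)

def autocorrelation(series, lag):
    """Normalized autocorrelation of the series at the given lag (-1..1)."""
    n = len(series)
    mean = sum(series) / n
    var = sum((v - mean) ** 2 for v in series)
    if var == 0:
        return 0.0
    cov = sum((series[i] - mean) * (series[i + lag] - mean) for i in range(n - lag))
    return cov / var

def dominant_period(series, min_score=0.5):
    """Return (lag, score) of the strongest repeating pattern, or None.
    Only local maxima count, so a one-off step change (a plain flood)
    is not mistaken for a periodic pulse."""
    max_lag = len(series) // 3
    ac = [autocorrelation(series, lag) for lag in range(max_lag + 2)]
    peaks = [(lag, ac[lag]) for lag in range(2, max_lag + 1)
             if ac[lag] >= min_score and ac[lag - 1] < ac[lag] > ac[lag + 1]]
    return max(peaks, key=lambda p: p[1]) if peaks else None

def constructed_traffic(minutes=120, pulse_every=None, pulse_len=3, pulse_extra=60):
    """Constructed requests-per-minute counts: ~100 rpm baseline with small
    jitter, optionally with a modest burst every `pulse_every` minutes."""
    rng = random.Random(2024)
    series = []
    for t in range(minutes):
        rate = 100 + rng.randint(-5, 5)
        if pulse_every and t % pulse_every < pulse_len:
            rate += pulse_extra
        series.append(rate)
    return series

NORMAL = constructed_traffic()                 # no attack
PULSED = constructed_traffic(pulse_every=20)   # moderated, periodic bursts
FLOOD = NORMAL[:60] + [5000] * 60              # sustained intense flood
LIMIT = 300                                    # hypothetical alert threshold (rpm)

if __name__ == "__main__":
    for name, s in (("normal", NORMAL), ("pulsed", PULSED), ("flood", FLOOD)):
        print(name, "| peak alert:", peak_threshold_alert(s, LIMIT),
              "| periodic pattern:", dominant_period(s))
```

Real traffic also has legitimate periodic components (cron jobs, health checks, daily cycles), so a check like this needs a baseline of known periods before it is used for alerting.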
The computing facilitated by the Internet of Things (IoT) has been productive for modern-day usage, yet it has played a significant role in the increase in web attacks. The potential of IoT enables every device to communicate efficiently, but this also intensifies the need for policy enforcement regarding security threats. Among these threats, Distributed Denial-of-Service (DDoS) attacks are prevalent. Research has been conducted to study the impact of such attacks on IoT networks and to develop compensating provisions for defense. Consultation services specialized in IoT security, such as those offered by IoT consulting firms, play a vital role in devising comprehensive strategies to safeguard IoT ecosystems from cyber threats.
Notable incidents of distributed denial- and degradation-of-service attacks in the past include the attack upon the SPEWS service in 2003, and the one against Blue Frog service in 2006. In 2000, several prominent Web sites (Yahoo, eBay, etc.) were clogged to a standstill by a distributed denial of service attack mounted by 'MafiaBoy', a Canadian teenager.
Smartphones
Beginning in July 2009, similar botnet capabilities have also emerged for the growing smartphone market. Examples include the July 2009 "in the wild" release of the Sexy Space text message worm, the world's first botnet-capable SMS worm, which targeted the Symbian operating system in Nokia smartphones. Later that month, researcher Charlie Miller revealed a proof of concept text message worm for the iPhone at Black Hat Briefings. Also in July, United Arab Emirates consumers were targeted by the Etisalat BlackBerry spyware program. In the 2010s, the security community is divided as to the real world potential of mobile botnets. But in an August 2009 interview with The New York Times, cyber security consultant Michael Gregg summarized the issue this way: "We are about at the point with smartphones that we were with desktops in the '80s."
See also
* BASHLITE
* Botnet
* Denial-of-service attack
* Low Orbit Ion Cannon
* Malware
* RDP shop
* Trojan horse (computing)