The seemingly endless spate of worm infestations over the last year has left something even more troubling in its wake: armies of zombie PCs that can be used to send spam, attack Web sites, and generally wreak havoc over the Internet.

Worms such as Sobig, MyDoom, and Bagle have been identified as containing malicious code (malware) that allows remote attackers to take over infected machines–while their victims are blithely oblivious.



UK security firm Sophos estimates that 40 percent of spam is now sent by zombie machines. Sandvine, a network security firm, puts the figure at 80 percent. Distributed computing company Akamai blames zombie PCs for a denial of service attack that briefly blacked out sites like Google, Microsoft, and Yahoo in June. Reuters reports that British teen hackers are hiring out their zombie networks for around $100 an hour.



Besides relaying spam and launching DOS attacks, a zombie machine can be used to send phisher scams, spread viruses, download pornography, and steal personal information, says Carole Theriault, a Sophos security consultant.



“Basically, it is a complete invasion of privacy that can leave you penniless, can have your computer send out all kinds of nasties to innocent computers, and as part of the collective–sorry for Star Trek terminology–contribute to the cyberhavoc going around,” Theriault says.



More here.

0