How Do I Recognize a Zombie Computer?

A zombie host is a computer device that is infected with a zombie program (bot malware) and is therefore controlled by an attacker's program. The device may be a terminal device or a cloud device. It can launch a denial-of-service (DoS) attack or send spam at any time, following the attacker's command and control (C&C) instructions. Usually, a compromised computer is just one of many machines in a botnet that is used to run a series of remotely controlled malicious programs. Most computer owners do not realize that their system has been "zombified", just as a zombie has no self-awareness.

The infection process of a zombie host can be divided into three stages: transmission, command and control (C&C), and launching an attack. After a normal host is infected with a zombie program, it actively communicates with the botnet's command and control server (C&C server) and is directed by the botnet's main controller to carry out attacks. [1]
The bot is secretly implanted into a normal host by the attacker, turning it into a zombie host, that is, a bot machine. It actively connects to the botnet's C&C server to join the corresponding botnet, then follows the instructions it receives and performs the corresponding actions. [2]
Zombie hosts are widely used to send spam emails. In 2005, an estimated 50 to 80% of spam emails were sent by bots. This lets spammers evade detection and even reduce their communication costs, because the traffic of the "zombie owner" is used and the "zombie owner" is the one who pays for it. This kind of spam also greatly promotes the spread of Trojan horses, because Trojan horses cannot spread by self-replication. They can only spread through spam emails, whereas worms can spread by other methods.
In the same way, bots can be used for click fraud (click spoofing), that is, clicking on online ads that pay per click. Others are used as hosts for phishing or money recruiting websites.
Zombie hosts can be used for distributed denial-of-service attacks, that is, using a large number of computers to hit the target website systematically at the same time. A large number of Internet users make requests to the website's server simultaneously in order to crash the website and prevent normal users from accessing it. There is a variant called distributed degradation of service, a mild and repeated flooding of the website that the zombie hosts perform in pulses; the purpose is to make the victim website slower rather than to crash it. This strategy works because a concentrated flood is quickly detected and responded to, but the slowdown of a website caused by pulsed flooding can go undetected for months or even years.
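
The detection gap described above, as an added example that is not part of the original article: a sustained-volume alarm stays silent on short pulses, while a check for regularly spaced bursts above a robust baseline finds them. The function names, the thresholds (`k`, `min_pulses`, `jitter`, `limit`) and the per-minute request counts are assumptions constructed for illustration.

```python
from statistics import median

def sustained_flood(counts, limit, run=5):
    """Classic volumetric alarm: `run` consecutive minutes above `limit`."""
    streak = 0
    for c in counts:
        streak = streak + 1 if c > limit else 0
        if streak >= run:
            return True
    return False

def burst_minutes(counts, k=5.0):
    """Minutes whose count exceeds a robust baseline: median + k * MAD."""
    base = median(counts)
    mad = median(abs(c - base) for c in counts) or 1.0
    return [i for i, c in enumerate(counts) if c > base + k * mad]

def pulse_period(counts, k=5.0, min_pulses=4, jitter=0.2):
    """Return the pulse period in minutes if bursts recur regularly, else None."""
    idx = burst_minutes(counts, k)
    # Collapse adjacent burst minutes into one pulse (keep its first minute).
    starts = [i for n, i in enumerate(idx) if n == 0 or i - idx[n - 1] > 1]
    if len(starts) < min_pulses:
        return None
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    period = median(gaps)
    # Regular spacing separates a driven pulse train from random traffic spikes.
    if all(abs(g - period) <= jitter * period for g in gaps):
        return period
    return None

def sample_series():
    """Constructed data: 90 minutes of ~100-110 req/min with a 2-minute
    pulse every 15 minutes. Not taken from any real log."""
    counts = [100 + (i * 7) % 11 for i in range(90)]
    for start in range(10, 90, 15):
        counts[start] += 300
        counts[start + 1] += 250
    return counts

if __name__ == "__main__":
    series = sample_series()
    print("sustained flood alarm:", sustained_flood(series, limit=300))
    print("pulse period (min):", pulse_period(series))
```

On the constructed series the sustained-flood alarm does not fire, while the pulse check reports a regular period, which is the signal to investigate the source addresses behind each burst.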
The better-known attacks include those on the SPEWS service in 2003 and on the Blue Frog service in 2006. In 2000, several famous websites (Yahoo, eBay, etc.) were brought to a halt by a Canadian teenager, MafiaBoy, using a distributed denial-of-service attack. Another attack, on grc.com, has also been discussed in detail. The attacker was identified on the Gibson Research website as a 13-year-old from Kenosha, Wisconsin. Gibson Research's Steve Gibson disassembled a "robot" used to zombify computers and then tracked down its distributor. In his written research record, Gibson describes how the IRC used to control this "robot" works.
