Spoutin Off: Beware - zombies are sucking the life out of your computer
By Michael E. Rau
June 13, 2005
They're all around us. They're multiplying every day. You may even have one in your own home and not know it.
I'm writing of course about zombie computers - computers which have been infected with a specific type of malware that hands control of part of your system to a remote operator, who then uses your machine to send out spam or to spread fresh copies of the malware to other computers.
The problem has become so pervasive that the Federal government has finally stepped into the mix. More on that in a minute.
This is how an Internet security company called CipherTrust describes the problem: "Like the living dead, armies of [zombie] computers are disrupting corporate networks and sucking the life out of business-critical systems around the world."
CipherTrust recently created an online monitor of infected computers which they call their "ZombieMeter". They estimate that in May, there were on average 172,000 new "zombies" created every day worldwide. Each one of these zombies can then be used to infect still more computers by sending out new copies of the malware.
Security software firm Computer Associates has recently issued an even more ominous warning. They have identified a triple-cocktail of viruses which, once they have infected your computer, allow hackers to remotely access your system, bypass any security measures you have in place, and then program your computer to do their bidding.
What makes the nature of these attacks most frightening is the level of sophistication involved. The perpetrators aren't disaffected hackers. They're highly organized groups of criminals. They're willing to break any law to achieve their ends. They possess the technical expertise to pull it off.
The acts carried out through these infiltrations range from the relatively benign (if you can call it that), such as sending out massive amounts of spam, to taking over your computer entirely via your Internet connection, installing a pirated application, and using your computer to steal identities, engage in cyber-sabotage or commit other acts of computer crime.
In some cases, the malware is actually installed by one criminal gang, who once they gain control of your computer, then sell access to their new zombie to another gang which is engaged in illegal activity.
Wouldn't it make your day to have the Feds show up on your doorstep and accuse you of trying to steal credit card information because the attempts are coming from your computer?
This brings me to the announcement by the Federal Trade Commission.
They, along with 30 of their international counterparts, plan to ask Internet service providers to do a better job of monitoring the traffic running through their networks for evidence of illegal activity. If such activity is detected, they want the ISPs to quarantine those computers. If the cause turns out to be the presence of zombie code, the FTC has implied that it will offer unspecified help to clean the code off of the system.
So what if the zombie code is on your home computer? Does the ISP terminate your Internet connection until you allow someone from the ISP or the Federal government to access your computer to supposedly remove the offending code or confirm that it's been effectively removed by you?
Perhaps, rather than taking a "Big Brother" approach to addressing the problem, both the FTC and ISPs might consider adopting a proactive plan which treats the recipient of a zombie infiltration as a victim instead of a criminal.
Here's how that might work:
When you sign up with the provider, you'd submit a soft estimate of the number of pieces of e-mail which you expect to send in a specified period of time. If your outgoing e-mail volume exceeds your estimate by a predetermined amount (maybe 100%), your provider sends you a notice that this is happening and asks if this is OK. You can then scan your system for malware. Maybe your ISP will offer to do it for you or maybe they'll send you to an independent site which will perform this task, such as the system security scanner on Symantec's Web site.
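As an added illustration of the volume check proposed above (this is the editor's example, not code from the column or from any ISP), here is how a provider's outbound mail relay could compare each subscriber's daily message count against the subscriber's estimate and flag anyone exceeding it by more than 100%. The Postfix-style log lines, the per-subscriber estimates, and the fallback estimate for subscribers who never supplied one are all constructed for the example; real deployments would key on the account rather than on an address that may be reassigned.

```python
import re
from collections import Counter

# Threshold from the column: alert when outgoing volume exceeds the estimate by 100%.
OVERRUN_FRACTION = 1.0
# Fallback for subscribers who never gave an estimate (an assumption of this example).
DEFAULT_ESTIMATE = 10

# Per-subscriber "soft estimates" of messages per day, keyed by the address the
# subscriber was assigned. Constructed for the example.
ESTIMATES = {"10.0.0.5": 20, "10.0.0.9": 30, "10.0.0.21": 4}

# Postfix logs one smtpd "client=" line per message accepted from a connecting host.
CLIENT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: [0-9A-F]+: client=\S+\[(\d{1,3}(?:\.\d{1,3}){3})\]"
)


def build_sample_log() -> str:
    """Construct one day of Postfix-style log lines for a hypothetical relay.

    10.0.0.5 behaves like a spam zombie (45 messages against an estimate of 20);
    the other subscribers stay within bounds. Non-submission lines are mixed in
    to show that only accepted submissions are counted.
    """
    lines = []
    qid = 0x7F000

    def submission(ip, host):
        nonlocal qid
        qid += 1
        return f"Jun 13 09:00:00 relay1 postfix/smtpd[4211]: {qid:X}: client={host}[{ip}]"

    lines += [submission("10.0.0.5", "dsl-5.example.net") for _ in range(45)]
    lines += [submission("10.0.0.9", "dsl-9.example.net") for _ in range(3)]
    lines += [submission("10.0.0.21", "dsl-21.example.net") for _ in range(8)]
    lines += [submission("10.0.0.17", "dsl-17.example.net") for _ in range(2)]
    # Lines that mention the same hosts but are not message submissions.
    lines.append("Jun 13 09:00:01 relay1 postfix/qmgr[3999]: 7F001: "
                 "from=<a@example.net>, size=1842, nrcpt=1 (queue active)")
    lines.append("Jun 13 09:00:02 relay1 postfix/smtpd[4211]: "
                 "disconnect from dsl-9.example.net[10.0.0.9]")
    return "\n".join(lines) + "\n"


def count_submissions(log_text: str) -> Counter:
    """Count accepted submissions per client address from the relay log."""
    counts = Counter()
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts


def flag_overruns(counts, estimates, overrun=OVERRUN_FRACTION, default=DEFAULT_ESTIMATE):
    """Return {address: (sent, estimate)} for subscribers over estimate * (1 + overrun).

    Exactly 100% over the estimate (twice the estimate) is not flagged; the
    count must exceed it. A missing, zero or negative estimate falls back to
    the default so a bad sign-up value cannot silence the check.
    """
    flagged = {}
    for ip, sent in counts.items():
        est = estimates.get(ip, default)
        if est <= 0:
            est = default
        if sent > est * (1 + overrun):
            flagged[ip] = (sent, est)
    return flagged


def notice(ip: str, sent: int, est: int) -> str:
    """Text of the notice the column suggests the provider send the subscriber."""
    return (f"Subscriber {ip}: {sent} messages sent today against your estimate of {est}. "
            "If this is not you, scan your computer for malware and reply to confirm.")


if __name__ == "__main__":
    counts = count_submissions(build_sample_log())
    for ip, (sent, est) in flag_overruns(counts, ESTIMATES).items():
        print(notice(ip, sent, est))
```

Run as written, only 10.0.0.5 is reported: 45 messages against an estimate of 20. The subscriber at 10.0.0.21 sent exactly twice its estimate and is left alone, and the subscriber with no estimate at all is measured against the fallback value rather than skipped, which is the case a spammer would otherwise exploit by simply never filling in the form.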
Short of reformatting your hard drive and starting from scratch, cleaning malware off of your system can be a fairly complex task. However, once the source of the corruption has been identified, you can find directions for doing so on the Web sites of anti-virus systems providers such as Symantec and McAfee, if you wish to try.
In the meantime, protecting yourself from having your computer turned into a zombie is problematic. Computer Associates reports that as quickly as anti-virus software firms can update their definitions, the virus writers are subtly altering their viruses to slip past the new signatures. Even updating your anti-virus definitions several times per day only narrows the window between a new variant appearing and your software recognizing it; it does not close it.
Of course, I have to point out that the viruses described here are a threat only to systems running Microsoft Windows. There's a pretty simple answer to these particular problems in that fact (think Mac or Linux), though no platform is immune to malware, and the same advice about updates and scanning applies wherever you land.
Mike Rau is a communications consultant in Virginia Beach. To send comments to Mike or view past columns, visit http://dailypress.asoundidea.com.
Copyright © 2005, Daily Press