Zombie PCs: 'Time to infection is less than five minutes'


Summary: A fascinating -- and horrifying -- new article in The New York Times offers the lowdown on "zombie computers," the half-a-million-or-so machines that are converted, assembled into systems called "botnets" and forced to do a shadowy figure's bidding, namely in the form of automated programs that send the majority of e-mail spam, illegally seek financial information and install malicious software on still more PCs. Lock up your Windows and children!


A fascinating -- and horrifying -- new article in The New York Times offers the lowdown on "zombie computers," the half-a-million-or-so machines that are converted, assembled into systems called "botnets" and forced to do a shadowy figure's bidding, namely in the form of automated programs that send the majority of e-mail spam, illegally seek financial information and install malicious software on still more PCs.

Lock up your Windows and children!

In what sounds like the plot of 28 Days Later -- computer "rage," anyone? -- the Times reports that botnets are alive and strong, according to shadowserver.org, a site that tracks such things:

"The mean time to infection is less than five minutes," said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators. The team is tackling a menace that in the last five years has grown from a computer hacker pastime to a dark business that is threatening the commercial viability of the Internet.

Great Scot! The simple reality of these bots is terrifying to the security-minded: Any computer connected to the Internet can be vulnerable. Botnet attacks can come with their own antivirus software, permitting the programs to take over a computer and then effectively remove other malware competitors.

According to the article, Microsoft investigators "were amazed recently to find a botnet that turned on the Microsoft Windows Update feature after taking over a computer, to defend its host from an invasion of competing infections."

Good lord. What's more, botnets have evolved quickly to make detection more difficult, recently using "fast-flux," a technique that generates a rapidly changing set of Internet addresses to make the botnet more difficult to locate and disrupt.
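Fast-flux leaves a measurable footprint in DNS: the same name answers with many different addresses, spread across unrelated networks, each with a very short TTL. The following defender-side scorer is an added example written for this post, not code from the article or from shadowserver.org. The passive-DNS observations, the domain names and the thresholds (`min_ips`, `max_ttl`, `min_networks`) are all constructed for the illustration; the addresses come from the RFC 5737 documentation ranges.

```python
"""Score DNS names for fast-flux behaviour from passive-DNS style observations.

Added example, not from the ZDNet article. All records below are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class DnsObservation:
    ts: int        # unix seconds at which the answer was seen
    qname: str     # queried name
    rdata: str     # A record value returned
    ttl: int       # TTL carried by that answer


# Constructed sample: "flux.example" cycles through six addresses in three
# unrelated networks with a 120 s TTL; "stable.example" keeps one address
# with a day-long TTL. Both names are hypothetical.
SAMPLE = [
    DnsObservation(0,    "flux.example", "192.0.2.10",    120),
    DnsObservation(600,  "flux.example", "198.51.100.7",  120),
    DnsObservation(1200, "flux.example", "203.0.113.44",  120),
    DnsObservation(1800, "flux.example", "192.0.2.77",    120),
    DnsObservation(2400, "flux.example", "198.51.100.9",  120),
    DnsObservation(3000, "flux.example", "203.0.113.201", 120),
    DnsObservation(0,    "stable.example", "192.0.2.50", 86400),
    DnsObservation(3600, "stable.example", "192.0.2.50", 86400),
]


def score_fast_flux(observations, min_ips=5, max_ttl=300, min_networks=3):
    """Return per-name statistics and a 'suspicious' verdict.

    A name is flagged when, within the observed window, it resolved to at
    least `min_ips` distinct addresses spanning at least `min_networks`
    distinct /16 networks, with a mean TTL no greater than `max_ttl`.
    The /16 grouping is a crude stand-in for ASN diversity, which a real
    pipeline would look up from routing data.
    """
    per_name = defaultdict(list)
    for obs in observations:
        per_name[obs.qname].append(obs)

    results = {}
    for name, obs in per_name.items():
        obs.sort(key=lambda o: o.ts)
        ips = {o.rdata for o in obs}
        networks = {ip_network(f"{o.rdata}/16", strict=False) for o in obs}
        mean_ttl = sum(o.ttl for o in obs) / len(obs)
        span = max(1, obs[-1].ts - obs[0].ts)     # seconds covered, avoid /0
        results[name] = {
            "distinct_ips": len(ips),
            "distinct_slash16": len(networks),
            "mean_ttl": mean_ttl,
            "ips_per_hour": len(ips) * 3600 / span,
            "suspicious": (len(ips) >= min_ips
                           and len(networks) >= min_networks
                           and mean_ttl <= max_ttl),
        }
    return results


if __name__ == "__main__":
    for name, stats in score_fast_flux(SAMPLE).items():
        print(name, stats)
```

The thresholds are deliberately conservative so that CDN-fronted names, which also rotate addresses but usually stay inside a handful of provider networks and answer with longer TTLs, are not flagged on address count alone; in practice the /16 heuristic should be replaced by an ASN lookup and the verdict joined with the age and registration history of the name.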

Yikes. So what's a user to do?

First, take Microsoft's Malicious Software Removal Tool out for a ride. Then make sure your firewall is up and you're up to date with all security patches.

Then pray. Because these zombies are hard to find, much less kill. Just last week, Secunia, a computer security firm, tested a dozen leading PC security suites and found that the best one detected only 64 out of 300 software vulnerabilities.

Has your computer ever gone zombie? Tell us in TalkBack.

Topics: Hardware, Browser, CXO, Microsoft, Security

Andrew Nusca

About Andrew Nusca

Andrew Nusca is a former writer-editor for ZDNet and contributor to CNET. During his tenure, he was the editor of SmartPlanet, ZDNet's sister site about innovation.



  • What is a user to do????

    One word: Linux.
    • One word.

      Sleeper Service
      • Agreed, NO Windows.

        This is a Windows problem.
        • Until you get a large enough market share

          in Linux.
          They don't call it an AdminKit, they call it a RootKit.
          Your wishful thinking won't stop it.
          • Market share or none...

            ...that rootkit is pretty hard to install over a network.
          • (Yawn) $10 eBay router, best firewall

            When I first got DSL 1000 years ago, I had multiple PCs so I had to put them behind a used, $10 router I bought on eBay.

            Having become very net address proficient in that 1000 years, I now understand I need never worry about virus attack and in fact I only bother with AntiVirus for eMail. Security sites show my systems as totally invisible to the Internet.

            While I do 1st and 15th full backups of 130Gigs of data and daily incrementals, I HAVE NEVER BEEN INVADED.

            Wine Arbitrage at:
            Seamus O'Brog
          • Not so fast swifty

            Your firewall only attacks you from unsolicited inbound network attacks. If you use any of those machines to surf the internet you're vulnerable to any number of malware downloads, drive-by attacks, or other vectors. Once one of your computers gets compromised it will happily rage around your LAN *behind* your firewall and attack the other computers. Zombies make active requests of their command and control (C&C) centers and herder, so at that point your firewall is useless. Firewalls are *not* a foolproof means of defense! So far you're just lucky, not wise. For more information: http://www.madirish.net
          • That old nonsense?

            Look if you dare. I know you won't.
          • Uninformed

            Only on a compromised system could a virus be installed under Linux/UNIX.
          • Until you get a large enough market share

            "Until you get a large enough market share
            in Linux."

            This sentence is inherently wrong.
            You can speak of market when the products are
            given away for money or for other goods.
            This is not the case for Linux kernel based
            operating systems (exceptions excluded).

            So is "market share", it can be evaluated only
            by counting the sold product units.

            "Linux" is given away for free, freely copied,
            installed and used. That means nobody is able
            to say how much it is spread over the world.
            Official numbers are a bloat only, a "'would
            like it to be" by or for the already known
            monopolist enterprises, no more.

            Back to the original subject.
            The problem is... Windows, and the fact Windows
            users would have something not being Windows
            but behaving as Windows.

            Sorry, Linux is not Windows, and never will it
            If you change to Linux, learn Linux.
            If you drive bicycles, and change to cars,
            learn driving cars.
            Don't expect a car to be like a bicycle. It
            definitively is not a bicycle and it will never

            Windows is the perfect security issue by
            Microsoft is delivering products perfect to be
            used to control your PC and data.
            The fact many people use it doesn't make it
            better, secure, bug free or the like, it makes
            it only a big security hole in the net, in
            companies, at home etc..

            No, Linux or OSx or other o.s. are not
            necessarily better. Facts demonstrate they

            Ciao ciao.
          • Market-share

            Helloooooooooooo, the point being made is that once enough people (i.e. more than 5%, lol) have Linux, people WILL start writing viruses for Linux. As good as Linux MAY be, don't tell me that with enough determination people won't eventually find a workaround.

            The only reason you have no Linux viruses nowadays is that people don't bother to write them. If everyone were to switch to Linux, people would start writing Linux-specific viruses.

            So until then, have fun using an OS used by a grand total of 5% of people, with all that means about available software etc etc. If Linux should ever increase its percentage of users to anything like Windows', expect to be getting your own load of viruses. And you won't even have a security suite for them. :P
          • Ignorance

            You don't understand the way Linux uses root and access controls. Stop reiterating this garbage; you know not of what you speak.
            And, if people started writing malicious outside attack code, hundreds of times more people know how to work with source code to quickly change it for all who use it, so the attack would become benign.
            There is anti-virus (unnecessary as it may be) for Linux. But it's unneeded. Linux won't run ActiveX controls and won't subversively install hidden programs.
            Do a little research. Download a copy of an open source Linux (Ubuntu and SUSE and Fedora are all free) and learn it. You'll become just as fluent in it as you are in Windows, plus some, in 6 months. Nearly all of your programs have a suitable free alternative that you can install through the operating system of your choice (Linux); then come back and realize all the holes in your spammish drivel.
          • Your crystal ball has as many holes in it

            As Windows does. And that's a bunch.

            The only proof you have of what you say is your imagination (and your holy crystal ball).
            Ole Man
          • Okay, my pupil..

            pay attention class is about to start.

            Firstly, If Linux variants would become the bulk of the market.

            Software through GNU comes from the distribution sites, which will compile and test the code and make a MD5 checksum.

            Would you be able to find some site which provides a pre-compiled binary and no MD5 checksum. This binary would need to be compatible with the version and types of libraries installed on your system.

            You should also have the root password. So you have the rights to install the virus; then virus.bin would nicely run in your list of processes when you do a "ps -ef" command and you could kill it. (Which would be a bad thing to do, because it would ruin all the trouble of installing the virus in the first place.)

            The trojans you do have for Linux basically work on exploits. If you keep your system patched and up to date, the problem of getting a rogue process would be close to impossible.

            Linux systems can't get infected, only compromised.

            Under Windows a lot of actions are actually run under an account called the "Local System Account". This account has enhanced privileges and is the equivalent of root on UNIX systems. The Administrator under Windows isn't the boss over the machine at all.

            The number of ways processes can be started by this power user "Local System Account" is the weakness in Windows, since it will install all your viruses for you.

            Another cool thing under Windows is that hiding processes is quite easy under Windows. Whereas under Linux it would really need a kernel recompilation and a reboot. (And you know how much affected uptime will get noticed in that environment.)

            That concludes this brief course on viruses.
          • [rolling eyes] "can you say . . .


            Here we go again, the Market Share Myth.

            Can we move along now?

            Next time, I'll assume it's a Troll or a Newb to *this* forum and I'll not bother responding.


            brian ansorge
        • ZZZZZzzzz - stupidity is boring....nt

        • On word:


          Regardless of your underlying O/S, do all of your browsing from a virtual machine. Periodically (e.g. every time you start) restore the working image from an archive. Even if you get hit, it only lasts for the duration of your session.
          Anne O'Neimaus
          • Unless

            There is a vulnerability in VmWare.

            It has all the access it needs to completely hose your system.
        • What a bunch of clueless idiots

          The problem is criminal organisations targeting the most obvious target (everyone is using Windows). Give the Mactards a couple of shares of the market and Mac OS will crash and burn (especially since Apple has no clue about security). As far as Linux is concerned, well, you get all the security you want, but on a platform that nobody uses because it is still at least 10 years behind for user-friendliness.

          So go play with your overpriced Mac pseudo computer or your Linux sandbox and stop showing the world what a clueless stupid idiot you are.
      • Yes ]:)

        Linux User 147560
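The "Not so fast swifty" comment in the thread above makes the point that matters for defenders: a zombie initiates its own outbound connections to its command and control server, so an inbound-only firewall never sees anything to block. What a firewall or proxy log does show is the regularity of those check-ins. The script below is an added example for this page, not code from the article or from any commenter; the log format (`timestamp src dst dport`), the sample lines and the hosts in them are constructed for the illustration, and the jitter threshold is an assumption to be tuned per environment.

```python
"""Flag periodic outbound connections (beaconing) in an egress connection log.

Added example, not from the ZDNet article or its comments. The log lines and
the hosts in them are constructed; addresses are from RFC 1918 / RFC 5737.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed egress log: "<unix_ts> <src> <dst> <dport>" per line.
# 10.0.0.5 contacts 203.0.113.9 roughly every five minutes (beacon-like),
# while its connections to 192.0.2.30 arrive at irregular, user-driven gaps.
LOG = """\
1200000000 10.0.0.5 203.0.113.9 443
1200000010 10.0.0.5 192.0.2.30 80
1200000015 10.0.0.5 192.0.2.30 80
1200000055 10.0.0.5 192.0.2.30 80
1200000300 10.0.0.5 203.0.113.9 443
1200000598 10.0.0.5 203.0.113.9 443
1200000655 10.0.0.5 192.0.2.30 80
1200000667 10.0.0.5 192.0.2.30 80
1200000700 10.0.0.5 192.0.2.30 80
1200000903 10.0.0.5 203.0.113.9 443
1200001204 10.0.0.5 203.0.113.9 443
1200001503 10.0.0.5 203.0.113.9 443
1200001600 10.0.0.8 192.0.2.30 80
1200001900 10.0.0.8 192.0.2.30 80
"""


def parse_log(text):
    """Yield (ts, src, dst, dport) tuples; malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        records.append((int(ts), src, dst, int(dport)))
    return records


def find_beacons(records, min_events=4, max_jitter=0.15):
    """Return flows whose inter-connection gaps are suspiciously regular.

    For each (src, dst, dport) flow with at least `min_events` connections,
    the coefficient of variation (stdev / mean) of the gaps between
    consecutive connections is computed. Human browsing produces bursty,
    high-variation gaps; a bot polling its controller on a timer produces
    a low one. Flows at or below `max_jitter` are reported.
    """
    flows = defaultdict(list)
    for ts, src, dst, dport in records:
        flows[(src, dst, dport)].append(ts)

    flagged = []
    for (src, dst, dport), stamps in flows.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue                       # duplicate timestamps, nothing to measure
        cv = pstdev(gaps) / avg
        if cv <= max_jitter:
            flagged.append({"src": src, "dst": dst, "dport": dport,
                            "events": len(stamps), "period_s": avg, "cv": cv})
    return flagged


if __name__ == "__main__":
    for hit in find_beacons(parse_log(LOG)):
        print(hit)
```

A real detector would widen the window to days, normalise the destination to its domain (bots rotate controllers, as the fast-flux discussion in the article notes) and suppress known software-update and telemetry endpoints, which beacon just as regularly; the coefficient of variation is the core of the signal in all of those variants.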