Zombie Generation: The spreading infection

Summary: Standard online safety precautions aren't saving society from increasingly sophisticated networks of infected computers, known as zombies, under the control of criminal hackers, a fact which is forcing internet bodies to stronger action.


Standard online safety precautions aren't saving society from increasingly sophisticated networks of infected computers under the control of criminal hackers also known as zombies, a fact which is forcing internet bodies to stronger action.


Zombie computers are becoming a plague
(A bloody keyboard image by Rainer Ebert, CC 2.0)

"If you had to identify the biggest single issue confronting the security and safety and the confidence of the internet these days, particularly in the commercial space, you could only point to zombie botnets as the major concern," Peter Coroneos, chief executive of the Internet Industry Association (IIA), told ZDNet.com.au.

"It's real, and people are worried and should be worried about this," he said.

The Storm botnet, first detected in 2007, peaked at somewhere between 160,000 and 1 million computers. In March 2008 it was believed to be responsible for more than 20 per cent of spam email globally. Botnets such as Srizbi and Kraken have comprised almost half a million computers. Srizbi was estimated to be able to send 60 billion spam emails a day.

But nothing matches Conficker.

First detected in November 2008, Conficker is by far the largest botnet ever seen. During 2009, the Conficker worm was infecting 18 million new computers per month, some 30 per cent of total global infections. At any one time, the botnet comprised between 7 and 10 million machines.

Conficker uses an unusually large number of advanced malware techniques combined with social engineering tricks to infect its hosts. So even though Microsoft issued a patch in October 2008 to fix the key vulnerability Conficker exploits, the worm continues to spread.

"The alarming thing about the whole zombie botnet phenomenon, and more generally just the modus operandi of the malware perpetrators, is that they're becoming so sophisticated in what they're doing," Coroneos said.

"They are themselves investing tens of millions of dollars in research and development in ways to defeat the traditional tools and antivirus and anti-spam and anti-spyware software."

"That's very scary," he said, because the usual online safety messages about behaviour change won't work in the face of these attacks.

Traditional methods failing

Users are told to keep antivirus software up-to-date. But that won't protect them when, as Verizon Business forensics chief Mark Goudie told ZDNet.com.au, 70 per cent of the malware they discover on compromised corporate systems can't be detected by antivirus software.

They're told to visit only "trustworthy" websites. But that won't protect them when, as AusCERT general manager Graham Ingram told Crikey last August, "One of the top 20 traffic sites in this country was infected with malware over about a six-week period." Or when, as happened in 2007, the Sydney Opera House website was serving out malware.

They're told to check for the padlock icon in the web browser, to confirm that SSL encryption is connecting them securely to the right website. But that won't protect them when one particularly clever piece of malware can inject extra HTML code into specific internet banking web pages, adding extra data entry fields to the bank's online forms. That additional data is transmitted straight back to the criminals, yet the browser's padlock icon still shows the connection as safe, because the padlock only vouches for the encrypted link to the bank, not for what the infected computer does to the page after it arrives.

They're told not to run unknown software. But that won't protect them when, as in the case of Conficker, the worm wears a clever disguise.



Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.



  • Of Course this a Microsoft problem

    As always, we get comments on how many "computers" are infected. Actually all these computers have one thing in common, the Operating System. They are all Microsoft operating systems.

    When will journalists and others acknowledge that this problem is specific to Microsoft?
  • Blaming Microsoft Windows is shallow analysis

    No, it's not "a Microsoft problem". I can't speak for any other writers, but speaking personally I avoid such simplistic OS-war (non-)analysis because it's a smug, dangerous over-simplification that leads to complacency.

    Yes, the very architecture of Windows -- especially the continual deep inter-mingling of what should be separate layers of the OS and its feature-bloat over-complexity -- makes it an easier-to-crack target.

    Yes, the fact that many if not most home and small business users run as administrator, automatically removing most of the protection they might have had.

    Yes, let's repeat all the usual bleats about "Windows bad, everything else good".


    All operating systems can encounter zero-day exploits. And all applications can encounter zero-day exploits which can open up back doors without having to have access to the operating system itself. The recent problems with Adobe Reader are a significant case.

    All users can be tricked by social engineering into authorising access for malware -- and those attacks are getting so sophisticated that even well-informed users can fall for them.

    Yes, if through some overnight magic every Windows computer suddenly ran another operating system, the specific Windows-based attack vectors would be ineffective.

    And the next day after that the bad guys with the tens of millions of dollars of research money would turn their attention to the next weakest link in the technical chain. And a few weeks or months after that we'd see the same problems arise -- slowly at first, and then in increasing numbers and sophistication.

    And you know, they'd find it almost just as easy, because the weakest link in any security environment is not the software but the user. Even the most secure system, however you want to measure it, will be compromised by a single human error.

    Of course, Windows can't magically be replaced overnight, which is why I call the "Windows is bad, m'kay" sloganeering "non-analysis".

    We have a serious global problem related to the complexity of software and the inability of a typical computer user to deal with the threats they face.

    Raise a dialog box in front of a busy computer user with a bunch of jargon they don't understand and an "OK" button and they'll press it, because they want to get their work done. Game over.

    Long term, how do we fix that? Because wishing that we didn't have Windows isn't a real-world answer.
  • Ease of Use over-promoted

    I agree with Stilgherrian about the weakest link in the chain being the user.

    This problem is being made worse by all OS and application sales and marketing messages focusing on how trivially easy their OS or application is to use.

    An analogy would be telling pedestrians how useful crossing the road is but refusing to tell them of the danger of oncoming vehicles and how to avoid being hit by one of them.

    While the "Don't mention the scary stuff" approach to OS and application marketing continues little will change irrespective of the brand of OS used.
  • But currently it *is* a Microsoft Problem

    It would seem to be common ground that currently the zombie machines are Microsoft machines. This is because they are vulnerable.

    It does not follow that if these issues were fixed that the exploiters would have the same amount of success against another OS. Not all OSs are equally vulnerable. It is common knowledge that Microsoft security is near the bottom of the scale.

    Further, when we move to apps, Microsoft is one of the few OSs configured so that compromising an app compromises the OS. Other OSs do not by default come configured that way.

    Lastly, unless you concede that by using Microsoft you are less smart than other OS users (which may have some merit as a claim), it is important that the mug user be protected from a compromised app compromising the OS.
  • Bull

    "Not all OSs' are equally vulnerable."

    Now this stupid comment couldn't surely be made by someone who is prepared to put their name to it, hence the obvious need to cover up with the anonymous tag.

    Windows machines are targeted for only one reason - there's more of them. Hackers aren't stupid and like a lot of other people believe in efficient work practices. More than 90% of the world's computers, including 95% of all desktops and laptops run a flavour of Windows. To get as many computers as possible available to launch attacks it would make sense to target that OS. Sorry to make all the Crapple lusers and Linux kiddies cry but that is the long and short of it.

    I have a mate who loves his Mac to death and swears blind he'd never own another Windows machine though even he admits that he doesn't like the tonnes of security updates and patches that Crapple makes him install week after week. I wonder why that would even be necessary on such a secure and flawless OS.
  • The Old Tired Volume Argument

    Market Share needs to be carefully defined. It is true that Microsoft has a majority of the desktop market, whatever that may mean. This does not mean, and is not true, that Microsoft has anything like a majority elsewhere.

    Microsoft, leveraging off its market share, gets its acolytes and drones to spout the "market share means more attacks and hence more successful attacks" mantras. But repetition, however vehement, does not make something true, or even plausible. Good journalists know that, and IT professionals that have worked in more than one operating system environment know that.

    Here are some counter examples.

    1. Microsoft IIS is not anything like the majority of the web server market. Here are three prominent sites that have failed recently, MySchool, CFA and Myki. All run IIS. Name three apache2 based server sites of the same criticality that have failed or been compromised.

    2. Microsoft server variants are not anything like the majority of servers out there, especially if one removes stray false instances, or calculates on the basis of population served rather than number of servers. They do, however, constitute the majority of the compromises, see CERT.

    The starting point of this was not to start an OS war, merely to point out that journalists have a duty to inform, so that the reader may form their own opinion, and assess the journalist's opinion. This article did not do that. That's the point. Not the defence of a particular OS regardless of its merits or not.

    We do not pull punches naming Toyota for making faulty cars, why do we pull back on Microsoft for making flawed operating systems?
  • An "open architecture" OS is always going to attract hackers.

    Back in the DOS days when Mac was only just getting its toes wet by attempting to infiltrate the education market--I saw more Mac virus infections than PC virus infections.

    Ownership is the issue here. If WORD created a DOC file, then only WORD should be able to write to that file. If OpenOffice wants to READ that file, no problem, but if it wants to WRITE it--hold it right there buddy, you write your own ODT file and get USER permission to delete the DOC version.

    Sticking to the same suite: Yes, it's great that Word can read an Excel spreadsheet and display it as a pretty table in a document, but who in their right minds allows Word to write information back to the .xls file!?

    If Microsoft spent the same money closing these loopholes as they do writing deliberate "anti-piracy" loopholes THEN we would have a secure OS.