Is Your PC a Zombie?
Millions of spam messages are sent each day. Hundreds and thousands of computers take part in a (DDoS) distributed denial of service attack against a single Website. The scary part is the fact that your computer may be doing all these things without your knowing anything about it. Your computer may be a zombie and operating as part of a botnet.
A zombie computer is one that has been hijacked by someone else and carries out instructions in the background, such as taking part in a DDoS attack, sending out spam, or spreading malware. In the case of a DDoS attack, the computer receives the name of the target Website and instruction on when to begin the attack.
While there are many ways a computer can become a zombie, the most common is via a Trojan installed on the system when a malicious email attachment was opened. The Trojan runs quietly in the background and opens a backdoor to allow the attacker access, or just waits for instructions.
The entire point of the zombie is to be stealthy so that you don’t find and remove the infection. Since you likely don’t even know that your computer is engaged in any illicit activities, it’s even more difficult to figure out that it is actually a zombie.
Sure, there may be some hints, such as unexplained error messages and computer crashes. In the case of the spam-sending zombie, you may find unfamiliar messages in the outgoing mail folder. Perhaps the computer is really slow or the network feels really sluggish even though you don’t have a lot of programs open. These indicate some kind of a malware infection, not necessarily of a zombie.
Still, it’s a good first step to run an up-to-date antivirus or anti-spyware tool to try to remove the malware. Some malware variants disable antivirus or block it from running. If that is the case, try several different antivirus scanners to find one getting past the malware and cleaning up the infection.
The most thorough way to clean up an infection is to do a system wipe, reinstall the operating system, and restore from backups. Running a security software product to detect and remove the infection is still worth a try.
A personal firewall software is also useful. Firewalls act as filters between the computer and the Internet, and block unknown traffic from entering the computer. Personal firewalls also track what kinds of communications are leaving the computer. By setting the firewall to the maximum level, you can track all incoming and outgoing traffic.
By keeping a close watch on the network requests, you can create a short list of potential zombie programs. If there are repeated requests from the same application to a handful of destinations, chances are you have uncovered the zombie process. At this point, it’s just a matter of removing and uninstalling that malicious program. This frequently becomes a multi-restart process because malware tends to travel in packs and several variants are expected to be on the same computer.
The best defense against zombie infections is to focus on prevention. Don’t click on file attachments, especially if you aren’t expecting something and there is nothing in the email to indicate it is legitimate. It may be worth just picking up the call and verifying that attachment was sent on purpose. Keep the operating system, software, Web browser, and security software up-to-date. Run the security software before opening up a file attachment.
Don’t let that malware get on the computer and turn you into a zombie in the first place.
Is Your PC a Zombie? - ZoneAlarm Blog