
How To Ensure That Your Network's PCs Don't Become Compromised


A zombie computer, or “bot”, lets an unauthorized person gain control over it. A hacker, a malicious website or e-mail, or a tainted USB drive is typically the source of infection. The zombie or bot patiently waits to be summoned to perform some nefarious task, often as part of an army of thousands, or even millions, of zombie computers, called a botnet.

Attackers can access lists of zombie computers and activate them to help execute denial of service (DoS) attacks against websites, to host phishing websites, or to send spam e-mail messages. Tracing an attack back to its source leads only to an unwitting victim rather than the true attacker.

Identifying a Zombie Computer

Zombie infections are good at hiding, so they go unnoticed and escape removal. They often have file and process names similar, or even identical, to normal system file names and processes, so users won't think twice if they do see them.

Fortinet, a network security company, recently issued a Zombie Awareness Month Computer Survival Guide to help users defend against a zombie invasion. According to the guide, "The most likely way a computer becomes infected is by landing on a malicious link."

Short, cryptic messages telling users to watch a video clip (or asking "Is this you in this video?") and containing a shortened or obfuscated link that hides the true destination address have plagued Facebook and other social networking websites.

Even after clicking on the malicious link, you may be unaware that your computer has been compromised or infected. The invader will try to send the same message with the same cryptic video link to your contacts, but your friends may think that the message is suspicious and wonder why you would send a video link.

As the Fortinet guide explains: "A smart friend will ping you and ask, 'Why did you send this video to me?' If you know you did not send a video link to your friend, you can pretty much bet you have become infected or that your account is compromised."

Protecting Against Zombies

Anti-malware utilities, if you keep them up to date with the latest signatures, will proactively protect computers from most zombie or bot infections. But the signature-based security model always has a lag that leaves your systems vulnerable to a new attack while the security vendors develop detection tools for the new threat.

"The best way to disable (a zombie infection) and then kill it is to quarantine it (and the best way to do that is to disconnect the suspected zombie from the network)," Fortinet's guide says. "Then run a virus scan which if your software’s up to date, should find it and rub it out."

The guide concludes: "Zombie computers can be quite devious. Therefore, the best line of defense is to prevent infection in the first place, an initial infection can grow worse over time." That means using antivirus software, firewalls, and so-called unified threat management (UTM).

The very best defense, though, is common sense along with a healthy dose of skepticism. User awareness is an IT administrator’s friend. You want your users to be the friend who contacts the source of a funny or smiley video message to tell that person about the suspicious message and warn that their computer may be a zombie.
