December 5, 2016

Zombie computers and how to avoid them

You’ve probably heard the word botnet more than once recently, and that’s hardly surprising. Any connected device can be zombified — turned into a part of a botnet. These include PCs, smartphones, tablets, routers, Wi-Fi refrigerators, smart toys, and a lot of other gadgets.

In this post we explain what a botnet is, the bad things a botnet can do, and how to protect your gadgets from becoming a part of a botnet.

Botnets: What are they?

A botnet is a group of Internet-connected devices that have been infected with special malware. The kind of malware that creates bots, or zombies, works covertly, acquiring administrative rights and giving control over the device to cybercriminals without betraying its presence. The hacked device works as usual — but it also simultaneously follows orders from the commander of the botnet. Together, the infected devices form a powerful infrastructure that is used to commit cybercrimes.

Some botnet commanders specialize only in botnet support and expansion. They rent these malicious tools to other criminals who use them to attack and do other bad things. Here are the four most common ways to use a botnet.

DDoS
The best-known way to use a botnet is to organize a distributed denial-of-service (DDoS) attack. A botnet simply overloads a server with superfluous requests. The overwhelmed server fails to process them and becomes unavailable for regular users.

The more connected devices in the botnet, the more powerful a DDoS attack will be. The thing is, almost any Internet-connected device can be used in such an attack, including things you don’t think of as really using the Internet, such as surveillance cameras or Wi-Fi printers.

Today, connected devices number in the hundreds of millions, but very soon there will be billions of them. Not all of them are protected well enough, so they are likely to become part of some botnet. And big botnets are capable of doing some really nasty deeds. About a month ago, in October 2016, criminals used a DDoS attack to disrupt the work of more than 80 major Internet services, including Twitter, Amazon, PayPal, and Netflix.

Spam
If your spam filter works imperfectly, you don’t have to imagine how easily spam can overflow an inbox. But did you know that usually spam campaigns are performed with the help of zombies? Criminals need botnets to trip up providers and special agencies, which block their e-mails and IP addresses to stop the flow of spam.

When a computer is infected, cybercriminals use its owner’s e-mail to send spam. In addition, they add contacts from the compromised e-mail account to their own spam databases. It’s a nasty trick.

Data theft
Of course, contact lists are not all that criminals can steal from hacked devices. The malware pack that turns a computer into a bot can have a number of additional features. Sometimes it steals passwords for mobile and Internet banking. Some Trojans can also change Web pages in your browser to phish critical financial data such as your credit card PIN code.

Recruiting
Botnets are also used to search for new vulnerable devices and infect them with other Trojans, viruses, and yes, of course, special malware that makes them join the botnet.

How to stay safe

These simple rules can reduce your risk of infection.

1. Change the default passwords of all of your routers, webcams, printers, smart household appliances, and other connected devices.

2. Always install firmware upgrades and security updates for your operating system and software.

3. Do not use the admin account on your PC or laptop. Do not keep root access turned on all of the time on your mobile devices — or don’t use it at all, which is even better.

4. Be very careful if you download anything from third-party websites (and especially if you download pirated content). Criminals often spread malicious files as hacked games or software.

5. If you download anything from torrent trackers or other unreliable places, check all files with a good antivirus program.

6. Even if you don’t engage in risky, illegal activities online, install a reliable security solution — and pay attention if it notifies you of suspicious actions.