How to Fix Your Zombie Computer

Your computer could be committing crimes right now. Even as you read this article, it could be working as part of a secret network of machines designed to bring down Web sites or flood e-mail boxes with ads for low mortgages or erectile dysfunction medications. If the authorities link attacks back to your computer, you might take the fall even though you're not at fault.

Whether you call it a zombie computer army or a botnet, it's bad business -- millions of computers have already fallen under the control of malicious hackers known as crackers. These crackers rely on several strategies aimed at getting you to download and execute a piece of malicious software, or malware. If you fall into the trap, your computer becomes compromised.

What can happen if your computer becomes a zombie? Zombie applications give crackers access to your machine, usually by exploiting a security vulnerability or creating a backdoor entry point. Once a cracker establishes this link, he or she can manipulate your computer. Some botnet applications allow the cracker to control your computer remotely. Others give the cracker the ability to look at your private information and steal your identity.

One of the most common botnet applications is spam distribution. According to Symantec's MessageLabs, the Cutwail botnet alone was responsible for 6.5 percent of all spam messages in February 2009 [source: MessageLabs]. That means the computers of innocent victims are sending out millions of e-mail messages to people around the world.

Another botnet application is the distributed denial of service (DDoS) attack. The cracker first creates a large botnet by convincing victims to execute malware. Then the cracker arranges an attack on a particular Web server at a specific time. When that time comes, the botnet computers simultaneously send messages to the target Web server. The sudden rush of Internet traffic makes the Web server unstable and brings it down. The victims of these attacks are often high profile targets like CNN and Yahoo.

So what do you do if you discover your computer is part of a botnet?

Recovering from a Botnet Attack

The most effective botnet applications disable antivirus and spyware detection software. If your computer slows down even when you're not using several applications at once, you might have a zombie problem. If you encounter error pages or denials when you try to visit sites that offer antivirus or spyware programs, that's a dead giveaway that something is wrong.

The best way to get rid of a botnet application is also the most painful: a complete system wipe and backup restoration. You do back up your hard drive, don't you? You should perform regular backups just in case you have any sort of catastrophic failure.

If you have personal firewall software, you might be able to detect the specific application on your computer that's giving someone remote access to your machine. Firewalls act as filters between your computer and the Internet. Most firewalls have multiple security settings. First, set your firewall to the maximum security level -- this should require notifications for any application seeking access to the Internet. Then, reboot your computer.

Keep a close watch on network requests. Jot down the names of any applications that are unfamiliar to you, particularly if you haven't done anything to activate that application. Don't allow any application you don't recognize or trust to access the Internet. If you get repeated requests from the same application, that's a good indication that it's responsible for turning your computer into a zombie.

You may need to do some research on the Web regarding the application to see if other people have identified it as malware. You'll need to find a list of all the files associated with that application and where you can expect to find them on your computer. Only by removing all of the offending files can you be sure your computer is free of the malware. In fact, you may have to go through the process several times to be certain you've cleared everything away -- one piece of malware often invites other applications and programs to join the party, too.

Of course, this method is a little risky -- you could accidentally remove a file that your computer relies on to function. It's often a better idea to just wipe the computer completely rather than assume you've caught all the offending software.

The best advice we can give is to avoid becoming a victim in the first place. Next, we'll look at ways you can protect yourself from joining a zombie computer army.

Avoiding Botnets and Zombies

No one wants to perform a complete system wipe and then restore from backup copies, even if they perform backups on a regular basis. It's better to know what to watch out for and protect yourself before it's too late.

First, protect your system. Use encrypted password protection for your home and office network. Install a firewall to help block attacks from hackers and keep an eye on your network traffic. It's also a good idea to use reliable antivirus and spyware detection applications. You can find several varieties -- commercial programs and free applications -- online.

The other way you can protect your computer is to practice careful Web browsing habits. Don't click on random Web links to sites you've never heard of before. If you encounter a pop-up window that prompts you to download antivirus software or claims that it will scan your computer for malware, don't click on it. Often these pop-ups are really scams -- clicking on them could install malware on your computer.

Scams can come to you through other sources as well, particularly through e-mail. Avoid clicking on hyperlinks in e-mail messages. If you receive a message from a bank that you don't belong to, you should definitely avoid clicking on any links. This is a common phishing scam designed to convince you that your money is at risk. Other scams try to trick you into clicking on links by promising huge profits for little or no investment. Don't fall for these tricks.

Even social networking sites like Facebook sometimes fall prey to malware scam artists. Before you start installing every Facebook application that crosses your path, do a little research. Some applications are really just a cover for malware.

Finally, avoid seedy Web sites, particularly sites that deal in one of the three Ps: pirated content, passwords and porn. These sites represent the bad neighborhoods on the Web -- visiting them is practically an invitation for malware. Today, many Web browsers will alert you if you try to visit a site known for hosting malware. Pay attention to these warnings -- no matter what content the site hosts, it's not worth it if a cracker takes over your computer.

If you stay vigilant and practice safe Web browsing, you will likely avoid the necessity of repairing a zombie computer.

Learn more about software that goes bump in the night by reading the articles listed on the next page.

Lots More Information

Sources

Blass, Steve. "Removing botnet apps from a PC." NetworkWorld. Nov. 21, 2005. (March 20, 2009) http://www.networkworld.com/columnists/2005/112105blass.html
Computer Knowledge. "Botnet." (March 18, 2009) http://www.cknow.com/ckinfo/b/Botnet-Anetworkofremote-c.html
Dittrich, David. "Lifecycle: Preventing, detecting and removing bots." March 20, 2005. (March 19, 2009) http://searchsecurity.techtarget.com/tip/0,289483,sid14_gci1068906,00.html
Ducktoes Computer Repair and Spyware Blog. "Are you feeling like a Zombie? Then remove that Botnet!" Jan. 17, 2009. (March 19, 2009) http://www.ducktoes.com/blog/2009/01/17/are-you-feeling-like-a-zombie-remove-a-botnet/
MessageLabs. "MessageLabs Intelligence." (March 19, 2009) http://www.messagelabs.com/intelligence.aspx
Robertson, Jordan. "How to tell, what to do if computer is infected." AP News. March 15, 2009. (March 17, 2009) http://hosted.ap.org/dynamic/stories/T/TEC_INSIDE_A_BOTNET_CHECKLIST?SITE=ILEDW&SECTION=HOME&TEMPLATE=DEFAULT