Top Zombie, Trojan Horse and Bot Threats

Updated: August 20, 2012

Nobody wants his or her computer turned into someone else's mindless slave: a zombie. A perfectly normal computer becomes a zombie when a bot (an automated "software robot") is installed on it. The bot hands control of the machine to a black-hat hacker, who makes it part of a zombie network, or botnet, whose members can collectively unleash torrents of spam, distributed denial-of-service (DDoS) attacks and various other nefarious activities.

Once a computer has become a zombie, it can be used to convert other ordinary computers into zombies, and it doesn't take much for an infected system to recruit other machines into a botnet. Viruses, worms and Trojan horses that infect a computer commonly plant a backdoor: a covert control channel, typically either a listening port or an outbound connection to the attacker's server. Once the backdoor is in place the bot is installed, often by the same malware, and the computer becomes a zombie.

The best single defence against a computer becoming a zombie is frequently updated anti-malware software, backed by prompt patching of the operating system and applications, day-to-day use of a non-administrator account and a firewall that blocks unsolicited inbound connections. Here's a quick rundown of the top zombie-related threats that anti-malware vendors and their customers currently face.

Backdoor Trojan Horses

Backdoor Trojan horses are a highly dangerous and widespread kind of malware. Functioning as remote-administration utilities, these Trojan horses open infected machines to external control through the Internet. They generally operate in the same way as legitimate remote-administration programs used by system administrators, which makes them difficult to detect. Many of them also connect outward to the attacker's server rather than waiting for inbound connections, so a firewall that only filters inbound traffic does not stop them; an unexpected listening port or an unexplained persistent outbound connection is the practical sign to look for.

Trojan Horse Clickers

These Trojan horses stealthily redirect infected computers to specific Web sites or other Internet locations. Clickers function either by sending the required instructions to the computer's browser or by replacing the Internet URLs stored in system files, such as the hosts file that maps hostnames to IP addresses before DNS is consulted.

Clickers can be used to coordinate a zombie DoS attack on a specified server or site. A financially driven use is directing zombies to a particular Web site to inflate its advertising hit count (click fraud). A clicker can also send infected machines to a Web site that serves yet other forms of malware.
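The hosts-file tampering described above is easy to check for. The following script is an added example, not code from the original article: it parses hosts-file text and flags any entry for a watched hostname, distinguishing a redirect (the name points at some other address) from a block (the name is sunk to loopback or 0.0.0.0, as a clicker or downloader does to stop security updates). The watched-hostname list and the sample hosts text are constructed for the example.

```python
"""Detect clicker-style hosts-file hijacks (added example, not from the article)."""
import ipaddress
import sys

# Hostnames that should never appear in a hosts file on this machine (assumed list).
WATCHED = {"www.google.com", "update.microsoft.com", "www.bankofexample.com"}

# Constructed sample hosts file: two normal entries, one developer override,
# and three entries of the kind a clicker would inject.
SAMPLE_HOSTS = """\
# Standard entries
127.0.0.1   localhost
::1         localhost ip6-localhost
# Harmless developer override
127.0.0.1   myapp.local
# Injected by a clicker (constructed for this example)
203.0.113.45  www.google.com  google.com
0.0.0.0       update.microsoft.com
198.51.100.7  www.bankofexample.com
"""


def parse_hosts(text):
    """Yield (ip_address, hostname) pairs, ignoring comments, blanks and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address; skip rather than crash on a garbage line
        for host in parts[1:]:
            yield ip, host.lower()


def classify(ip):
    """A loopback/unspecified target blocks the name; anything else redirects it."""
    return "block" if (ip.is_loopback or ip.is_unspecified) else "redirect"


def find_hijacks(text, watched=WATCHED):
    """Return [(hostname, ip, kind)] for every watched hostname found in the hosts text."""
    return [(host, str(ip), classify(ip))
            for ip, host in parse_hosts(text)
            if host in watched]


if __name__ == "__main__":
    # Check a real hosts file: /etc/hosts on Unix, or pass the Windows path as argv[1].
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/hosts"
    with open(path, encoding="utf-8", errors="replace") as f:
        for host, ip, kind in find_hijacks(f.read()):
            print(f"{kind:8} {host} -> {ip}")
```

A hit of kind "block" against an update or anti-malware vendor hostname deserves the same attention as a redirect: it is the usual way malware keeps its victim from receiving signature updates.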

Trojan Horse Downloaders

Trojan downloaders surreptitiously download and run other malware files, such as backdoor Trojan horses, from remote Web and FTP sites. The malware is activated on the infected system without its user's approval.

Trojan Horse Notifiers

A Trojan horse notifier is a malware tool that notifies an attacker about a particular event. It might, for instance, tell a backdoor's author that the backdoor is installed and listening on a specific IP address and port, helping the attacker to seize control of the system. Notifiers communicate in several different ways, by sending emails or instant messages or by contacting specified Web sites directly, to inform malware authors about particular events.
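Both the backdoor section and the notifier section come down to the same observable: a process listening on a port the host should not be listening on, and that process phoning out to the attacker. The following script is an added example, not code from the original article: it parses `netstat -antp`-style output, compares LISTEN sockets against an expected port-to-program baseline, and then reports every established outbound connection owned by a process that was not in the baseline. The baseline and the netstat text are constructed for the example; the program name "updatesvc" is a made-up stand-in for a backdoor process.

```python
"""Baseline check for unexpected listeners and their call-outs (added example)."""

# Expected listeners on this host: TCP port -> program name (assumed baseline).
BASELINE = {22: "sshd", 631: "cupsd"}

# Constructed sample in the format of Linux `netstat -antp`.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      640/cupsd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      2231/updatesvc
tcp        0      0 192.0.2.10:49152        198.51.100.9:6667       ESTABLISHED 2231/updatesvc
tcp        0      0 192.0.2.10:49160        93.184.216.34:443       ESTABLISHED 1180/firefox
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
"""


def split_addr(addr):
    """Split 'host:port' (IPv4 or IPv6 netstat form) into (host, port_or_None)."""
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text):
    """Return a list of dicts, one per TCP socket line; header and non-TCP lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 7 or not parts[0].startswith("tcp"):
            continue
        lhost, lport = split_addr(parts[3])
        fhost, fport = split_addr(parts[4])
        pid, _, prog = parts[6].partition("/")
        rows.append({"proto": parts[0], "lhost": lhost, "lport": lport,
                     "fhost": fhost, "fport": fport, "state": parts[5],
                     "pid": pid, "prog": prog})
    return rows


def find_suspects(text, baseline=BASELINE):
    """Flag listeners not in the baseline, then the outbound connections of those processes."""
    rows = parse_netstat(text)
    findings, bad_pids = [], set()
    for r in rows:
        # A listener is expected only if the baseline names this program for this port.
        if r["state"] == "LISTEN" and baseline.get(r["lport"]) != r["prog"]:
            findings.append(("unexpected-listener", r["pid"], r["prog"], r["lport"]))
            bad_pids.add(r["pid"])
    for r in rows:
        # The notifier/C2 call-out: an established connection from a flagged process.
        if r["state"] == "ESTABLISHED" and r["pid"] in bad_pids:
            findings.append(("call-out", r["pid"], r["prog"], f'{r["fhost"]}:{r["fport"]}'))
    return findings


if __name__ == "__main__":
    for finding in find_suspects(SAMPLE_NETSTAT):
        print(*finding)
```

One caveat: netstat asks the kernel of the possibly compromised host, and a rootkit (next section) can hide sockets from it. Confirm any clean result with a port scan from a second machine; a port that answers remotely but is absent from the local listing is itself a strong indicator.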

Trojan Horse Proxies

Functioning as an illicit proxy server, Trojan horse proxies are designed to give black-hat hackers anonymous Internet access via infected computers. Proxies are a prime tool for spammers, who try to infect and recruit as many computers as possible for their mass mailings; because the relayed mail appears to originate from the victim, it is the victim's IP address that ends up on spam blacklists.

Rootkits

A rootkit is a collection of software tools that conceals an intruder's presence on a computer and preserves the privileged access used to install it. A rootkit is typically installed after an attacker has first gained a foothold, for instance by exploiting a known vulnerability or cracking a password, and then escalated to root or administrator privileges, since installing one requires that level of access. Once installed, the rootkit hides the attacker's files, processes and network connections, so the attacker can keep root access to the computer and, possibly, use it to reach other machines on the network. User-mode rootkits work by replacing system binaries or libraries (ps, ls, netstat and the like); kernel-mode rootkits load a kernel module or driver and can therefore lie even to unmodified tools.
