Top Zombie, Trojan Horse and Bot Threats

Updated: April 30, 2009

Nobody wants to have his or her computer turned into someone's mindless slave: a zombie. A perfectly normal computer is transformed into a zombie when a bot — an automated "software robot" — is installed inside its operating system. The bot transfers control of the computer over to a black-hat hacker who then makes the machine part of a zombie network — a botnet — that can collectively unleash torrents of spam , DoS (denial of service) attacks and various other types of nefarious activities.

Once a computer has been transformed into a zombie, it can also be used to convert other ordinary computers into zombies. It doesn't take much for an infected system to recruit other machines into a botnet. Open Internet ports — backdoors — can be pried opened by viruses, worms or Trojan horses when they infect computers. After the backdoor is opened, the bot is installed, often by the same virus, and the computer becomes a zombie.

The best way to keep a computer from becoming a zombie is to protect it with frequently updated anti-malware software . Here's a quick rundown of the top zombie-related threats that anti-malware vendors and their customers currently face.

Backdoor Trojan Horses

Backdoor Trojan horses are a highly dangerous and widespread kind of malware . Functioning as remote-administration utilities, these Trojan horses open infected machines to external control through the Internet. They generally operate in the same way as legitimate remote-administration programs used by system administrators, which makes them difficult to detect.

Trojan Horse Clickers

These Trojan horses stealthily redirect infected computers to specific Web sites or other Internet locations. Clickers function either by sending the required instructions to the computer's browser or by replacing the Internet URLs stored in system files.

Clickers can be used to coordinate a zombie DoS attack on a specified server or site. A financially driven clicker use is the direction of zombies to a particular Web site in order to raise the advertising hit count. A clicker can also be used to direct infected machines to a Web site, where it will be attacked by yet other forms of malware.

Trojan Horse Downloaders

Trojan downloaders surreptitiously download and run other malware files, such as backdoor Trojan horses, from remote Web and FTP sites. The malware is activated on the infected system without its user's approval.

Trojan Horse Notifiers

A Trojan horse notifier is a malware tool that notifies an attacker about a particular event. It might, for instance, tell a backdoor author that it's installed on a computer with a specific IP address on a specific port, helping the attacker to seize control of the system. Notifiers communicate in several different ways — by sending emails or instant messages or even by contacting specified Web sites directly — to inform malware authors about particular events.

Trojan Horse Proxies

Functioning as an illicit proxy server, Trojan horse proxies are designed to give black-hat hackers anonymous Internet access via infected computers. Proxies are a prime tool for spammers, who try to infect and recruit as many computers as possible for their mass mailings.


A rootkit is a collection of software tools that allows administrator-level access to a computer. A rootkit is typically installed on a computer after one first obtains user-level access, either by exploiting a known vulnerability or by cracking a password. Once the rootkit is installed, it allows the attacker to mask intrusion and gain root or privileged access to the computer and, possibly, other machines on the network. Rootkits work either by replacing system files or libraries or by installing a kernel module.

Related Categories
Featured Research
  • Securing Enterprise Information Technology

    In the 1980s and 1990s, business applications and data were largely confined within and protected by a Local Area Network (LAN). The 2000s introduced a significant change. Download this white paper now to learn why the shift to the cloud is changing how companies think about and manage their IT infrastructure. more

  • Office365 Adoption eGuide

    Microsoft moved to the cloud in 2014, and, as a result, Office 365 is taking off. Now, Okta customers are connecting to Office 365 in increasing numbers. This eGuide explains why IT departments should plan and deploy solutions around identity and mobility management in concert with their Office 365 roll out to get maximum user adoption. more

  • Okta Directory Integration

    For most companies, Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) play a central role in coordinating identity and access management policies. When on-premise applications are integrated to Active Directory or LDAP, users get the best possible experience. That's why Okta's cloud-based identity and access management service provides a highly useful single integration point. more

  • Top 8 Identity and Access Management Challenges with Your SaaS Applications

    With more and more businesses adopting Software-as-a-Service (SaaS) applications, enterprise IT is fundamentally changing. This whitepaper presents the eight biggest Identity and Access Management (IAM) challenges associated with adopting and deploying cloud and SaaS applications, and discusses best practices for addressing each of them. more

  • Better BYOD with Pulse Secure and MDM Partners

    Learn how Pulse Secure and leading MDM product partners are transforming the way employees and IT benefit from the productivity and flexibility of BYOD — without compromising security or increasing management complexity. more