In computing, a zombie is a computer connected to a network that has been compromised by a cyber-criminal.

What is a zombie?

In computing, a zombie is a computer connected to a network that has been compromised by a hacker, a virus or a Trojan. It can be used remotely for malicious tasks.

Most owners of zombie computers do not realize that their system is being used in this way, hence the comparison with the living dead. They are also used in DDoS attacks in coordination with botnets in a way that resembles the typical zombie attacks of horror films.


What are they used for?

Zombies are frequently used in denial-of-service attacks (DDoS), which refers to the saturation of websites with a multitude of computers accessing at the same time. As so many users are making requests at the same time to the server hosting the Web page, the server crashes, denying access to genuine users.

A variant of this type of saturation is known as degradation-of-service attack and uses 'pulsing zombies': degradation of the service by periodically saturating the websites at a low intensity, with the intention of slowing down, instead of blocking, the targeted website. Such attacks are difficult to detect, as the slow service may go undetected for months or even years or is simply assumed to be due to other problems.

Zombies have also been used for sending spam. In 2005, it was estimated that between 50% and 80% of all spam in circulation had been sent by zombie computers. This technique is useful for criminals as it helps them avoid detection and at the same time reduce bandwidth costs (as the owners of the zombies will bear the cost).

This type of spam is also used for spreading Trojans, as this type of malware is not self-replicating but relies on circulation via email in order to spread, unlike worms that spread via other means. For similar reasons, zombies are also used for fraud against sites with pay-per-click contextual ads, artificially increasing the number of hits.


Major attacks

In 2000, several high-profile websites (such as Yahoo or eBay) crashed thanks to a distributed denial-of-service attack carried out by a Canadian teenager using the nick MafiaBoy. Later, other large scale denial- and degradation-of-service attacks used the same model, such as the one targeting anti-spam systems, like SPEWS in 2003 or the one aimed at Blue Frog in 2006.

More recently, in 2010, a criminal network called Mariposa, with control over some 13 million computers, was brought down in Spain by the Telematic Crime Brigade of the Spanish Civil Guard and the perpetrators were arrested. They had in their possession data from 800,000 people across 180 countries.


How to protect yourself

Common sense and caution are the best security tools for preventing these types of attacks. Sensible advice includes not visiting suspicious websites, not downloading dubious files and not clicking anything in suspicious messages.

It is also advisable to avoid unprofessional websites or those of unknown companies, only download things from trusted sources, and implement security measures on your computers, such as antivirus, antispam or firewall solutions.