The harm of new Zombie network and its defensive measures

The exact definition of a zombie network

A botnet is a logical network of commands controlled by virus-infected and malicious software installed on the host. It is not a topological network in the physical sense, it has a certain distribution, with the continuous spread of the bot program, new zombie computers are added to the network. According to a recent survey, up to 10% of computers on the web are infected by bot programs and become part of a botnet. After infection, these hosts will not be able to escape the control of bot owners.

Whether the botnet is large or small depends on the size of the host that the bot program infects and the maturity of the botnet. Typically, a large botnet has 10,000 separate hosts, and host owners are often unaware that their computers are being commanded by remote control via IRC (Internet Relay Chat).

Because the bot program mixes a lot of malware technology, it is difficult to describe exactly what is called bot program and the maturity of bot program. The techniques used by botnet attacks span traditional and emerging boundaries, and they often take the following methods:

Distributed denial of service attack (DDoS) attacks

In general, botnets are used to launch DDoS attacks, DDoS attacks are computer systems or networks that can cause service outages, typically by consuming the victim's network bandwidth or loading too many computational resources to crash the system. In addition, because DDoS attacks cause the number of packets sent per second, the bandwidth of the system is depleted. To date, all of the zombie computers we have analyzed are most likely to launch DDoS attacks against other hosts. The most common way is the TCP syn and UDPAB (user Datagram Protocol, Subscriber Datagram Protocol) flood attack mode. The script will DDoS is a way to solve all social problems.

Further research suggests that botnets may even be used by people with ulterior motives to launch DDoS attacks against rivals. Operation Cyberslam records the events of Jay R. Echouafni and Joshua Schichtel (his alias is EMP). Echouafni was charged with multiple charges on August 25, 2004, causing the protected computer to be threatened. He worked with EMP to manipulate a botnet to send large amounts of spam and to disable DDoS attacks on the spam blacklist server. In addition, their DDoS attacks on the world's largest online computing platform, Speedera, have made the site strike, only to defeat a competitor's website.

Since DDoS is not limited to Web servers, in fact, all forms of Internet services will become the object of their attacks. By using a particular form of attack, a high-level network protocol can be used as an effective tool for increasing network load, such as running countless search requests on a BBS in the victim's network or a recursive HTTP overflow. The so-called recursive HTTP overflow refers to the threat of a zombie computer that points to links on all sites from a given HTTP link and appears in a recursive fashion. This is also called Spider-like web attack.

Spyware and malicious software

Zombie networks, such as notorious zombies, often monitor and report users ' online behavior in a way that is driven by interest without the user's knowledge. They also install tools to collect information about the user's keyboard records and system vulnerabilities, and to sell the information to third parties.

Identity theft

Botnets also frequently deploy tools to steal information such as user identity information, financial information, or passwords on users ' computers, and then sell or directly use the data to gain profits.

Malicious advertising software

Zombies will also automatically download, install, and eject some malicious ads based on user surfing habits, or force users to browse through certain websites.

Junk mail

Most of today's Spam is zombies by zombie networks.

Internet fishing

Zombies can scan and determine which servers are vulnerable and can be used to attack, typically those servers are legitimate and have important confidential data (such as PayPal or bank site servers), and then steal passwords and other confidential data on the server.

Malicious bot programs have been infecting hosts on the internet in more insidious ways. In the 2007, Botnets became the main way to distribute spam and launch phishing attacks. In 2008, botnets sent spam accounts for 90% of the total number of spam messages. In the 2009, spam was transmitted directly through a peer-to-peer approach.