Spam Daily News
 
Zombies getting harder to find

January 20, 2006

 
As legislation emerged cracking down on spammers, those who ran zombie computer networks (botnets) started pursuing more clandestine ways to continue their operations.


 

 

 

 

Zombies are ordinary PCs infected with a piece of malicious code - known as a bot - that instructs the PC to secretly log onto an online chat room and obey the instructions issued by the chat room's controller.

First, a computer virus installs a "back door" program that leaves an Internet port on a PC open. Hackers then probe PCs connected to the Internet to look for open ports and, when they find one, install a bot on the PC's hard drive.

Because bots can be placed on any number of PCs, and chat rooms provide a useful central location from which to control them, there is no technical limit to the size of a botnet. Almost all botnets use Internet Relay Chat (IRC) servers because of the common commands, says Kevin Hogan, senior manager for Symantec Security Response.

Security experts call these bot-loaded PCs "zombies", since the hacker can wake them from the dead on command.

When the zombies read the command in an Internet chat room they were monitoring, they began firing a blizzard of page requests at the servers hosting the company sites. Result: the servers effectively got tongue-tied trying to service the requests, and had to go offline until the attack ceased.

Once a zombie is found, the bot inside can be dissected to find the address of the controlling chat room so it can be taken down and the controller traced.

But hackers are now covering their tracks by encrypting the chat-room address or by making the bots corrupt their own program code when extracted.

Moreover, botnet administrators have increasingly customized IRC commands, and many well-known commands that allowed for the remote querying of zombie machines have been disabled, Hogan said. "We simply cannot see the extent of the botnet in most cases," he said.
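An added example, not part of the original article, of how a network defender might spot this behaviour in logged outbound IRC traffic: it flags channels that several internal hosts join without ever speaking, and hosts that send commands outside the standard RFC 1459 client set. The record format, addresses, channel names and the `BOTAUTH` command are constructed for illustration.

```python
from collections import defaultdict

# Common client commands from RFC 1459; anything else sent by a client is unusual.
STANDARD = {"PASS", "NICK", "USER", "JOIN", "PART", "PRIVMSG", "NOTICE", "PING",
            "PONG", "QUIT", "MODE", "WHO", "WHOIS", "TOPIC", "NAMES", "LIST"}

def parse_irc(line):
    """Split one raw IRC line into (command, params) using RFC 1459 framing."""
    line = line.strip()
    if line.startswith(":"):                      # drop the optional ":prefix "
        line = line.split(" ", 1)[1] if " " in line else ""
    head, _, trailing = line.partition(" :")      # " :" starts the trailing param
    parts = head.split()
    if not parts:
        return None, []
    return parts[0].upper(), parts[1:] + ([trailing] if trailing else [])

def find_suspect_channels(records, min_hosts=3):
    """records: (src_ip, server, raw_line) tuples of client-to-server traffic.
    Returns (channels joined by >= min_hosts hosts that never speak,
             hosts that sent non-standard commands)."""
    joined = defaultdict(set)    # (server, channel) -> internal hosts that joined
    talkers = set()              # (src, server) pairs that sent a PRIVMSG
    odd = defaultdict(set)       # src -> non-standard commands it sent
    for src, server, raw in records:
        cmd, params = parse_irc(raw)
        if cmd is None:
            continue
        if cmd == "JOIN" and params:
            for chan in params[0].split(","):
                joined[(server, chan.lower())].add(src)
        elif cmd == "PRIVMSG":
            talkers.add((src, server))
        elif cmd not in STANDARD:
            odd[src].add(cmd)
    suspects = {}
    for (server, chan), hosts in joined.items():
        silent = sorted(h for h in hosts if (h, server) not in talkers)
        if len(silent) >= min_hosts:
            suspects[(server, chan)] = silent
    return suspects, {h: sorted(c) for h, c in odd.items()}

# Constructed sample traffic: three hosts idle silently in one channel,
# while one human user chats in another.
SAMPLE = [(h, "192.0.2.50:6667", l) for h in ("10.0.0.11", "10.0.0.12", "10.0.0.13")
          for l in ("NICK x", "USER x 0 * :x", "JOIN #upd8", "PONG :irc")]
SAMPLE += [("10.0.0.13", "192.0.2.50:6667", "BOTAUTH k1"),
           ("10.0.0.20", "198.51.100.7:6667", "JOIN #linux"),
           ("10.0.0.20", "198.51.100.7:6667", "PRIVMSG #linux :anyone here?")]
```

Silence alone is a weak signal, since human users also idle in channels; the count of distinct internal hosts sharing one channel is what makes the result worth investigating.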

Zombie networks give hackers access to huge amounts of distributed bandwidth and processing power and have been blamed for recent increases in spam, denial-of-service (DOS) attacks, blackmail attacks on companies and other organized cyber-crime - something that has again come to light with a high-profile attack on The Million Dollar Home Page, a novel advertising website idea by a British college student. Hackers hijacked the Web site and demanded $50,000 in ransom to restore it, the Financial Times reported.

While DDOS attacks are nothing new, they used to have a limited impact. A group of hackers would agree on a time to simultaneously contact the target Web server manually, but they could rarely conscript enough attacking PCs to overwhelm every channel of a major-league website. But botnets make it a piece of cake to orchestrate distributed attacks from a vast ad hoc network.

These zombie networks account for a large percentage of unsolicited e-mail being sent on the Internet, said Don Blumenthal, Internet lab coordinator at the Federal Trade Commission (FTC). "I've seen estimates that anywhere from 80% to 90% of the spam out there is processed through" zombie networks, he said. "It is certainly a critical problem."

Law enforcement authorities have become more adept at putting together task forces to track down botnet admins. The admins have countered by sticking to smaller groups of around 20,000 machines that are less likely to be detected as quickly.



 
 

 
   

 


 

 
Copyright © 2005-2006 Interlink Enterprise Computing. All rights reserved.
All company logos & trademarks displayed on this site belong to their respective owners