You run your anti-malware scan and find out that your computer has been turned into a zombie; a machine that follows the orders of a command and control server somewhere off in cyber space.
Your computer, once controlled as part of a botnet, is now at the whim of the person who infected it. Until you successfully remove the malware that causes it to report back to the command and control server it remains part of a network of other zombies used to send mass spam emails or worse, used in Denial of Service attacks launched against businesses or government websites.
But just how did your computer arrive at this state? What made it change from a tool that helped you check emails, access the Internet or write up reports to part of a criminal organization bent on destructive activities?
Most likely, it started with a phishing trip.
Phishing, Not Fishing
If you don’t know what phishing is, you need to start using the Internet to do a bit more research about computer security. Not knowing the effects of phishing is kind of like not knowing how dangerous it can be to leave your car unlocked with your wallet sitting on the front seat.
When you fall victim to a phishing attack on of two things usually happen. One, you give up sensitive information like your bank account number, a credit card number or even login information. This is bad, but it is not what caused your computer to run with a bad crowd. The second type of phishing attack is likely to blame.
You see, some phishing attacks tell you to click a link or download something. The file you download and install is actually malware that infects your computer. The link, well it infects your computer as well by taking you to a malicious web site that can infect your computer through a practice known as drive by downloads. Either way, your computer is infected.
Ok I’m Infected, Now What?
Some malware is used as keystroke loggers whose intent it is to capture things you type and send that back to a database somewhere. This is another way bad guys can steal things like credit card numbers and login information. Others install scareware onto your computer. These programs tell you that your computer is infected and offer a great deal on software that can remove the infection.
Other malware gets you by turning your computer into a zombie. And this is the hardest type to detect; unless you know what to look for.
To tell if your computer is a zombie look for the following symptoms:
- Your network or internet connection is extremely slow
- Your computer is running slow or crashes frequently
- You cannot access certain websites
- Your security software alerts you to programs or processes that are trying to access the Internet
All this happens because the botnet your computer is part of is being used to attack other systems. In the case of a Denial of Service attack, your computer is one of many that is continually connecting to a web site in order to bring it down. By flooding that site with traffic loads that the hosting server cannot handle, the site crashes and legitimate visitors cannot access it until the problem is fixed.
Keeping your computer’s anti-virus software up to date and running it frequently is one way to keep your computer from turning into a zombie, but clicking on links and downloading attachments in phishing emails will continue to cause your computer to become infected with the latest zero-day attack before your anti-virus knows what hit it.