If you’ve ever experienced a distributed denial of service (DDoS) attack, click fraud, phishing, malware installation, or spam emails, it is likely these unwanted intrusions came from a computer on the internet known as a “zombie machine.”
Zombie machines are ordinary networked computers that have been infected with malicious software that causes them to spew material to any computer online that’s not well protected by the latest trusted security software. A collection of zombie machines, controlled from one source, is known as a “botnet.” Usually the owners of “zombie” computers don’t even know that their computers have been infected. Botnets provide a cover for those online who are truly out to harm you.
Interestingly, many people don’t think of their mobile phones as computers, and therefore don’t worry too much about whether their device has been turned into a zombie machine. But an “iPhone 6 has 58 times the speed and 64 times the storage of the 1989 CRAY-2 supercomputer,” so it is time to stop thinking of your mobile phone as anything less than a powerful computer.
According to Check Point’s ZoneAlarm blog, signs that any computer, including a mobile phone or tablet, is being used as a zombie machine include:
- Slow performance
- Unexplained error messages
- Frequent crashes
- Unrecognized messages
- Long time to start up or shut down
- Unexpected loss of storage space
- Web browser closes unexpectedly
- Access to security websites is blocked
In doing the research for this blog post, I went looking for articles and apps on the detection of mobile zombie machines, and came up with very little. There are two apps in Google Play that may be useful: Virus Tracker, which checks its database of more than 2 billion records to see whether your IP address is listed in known botnets, and Device Monitor, which “warns about connections to end-points that are reported within malware/central-clearing-house databases.” ComputerWeekly.com lists four behavior patterns – signature-based, anomaly-based, DNS-based and mining-based – that may be used for botnet detection on any computing device. The post suggests some additional detection software that may be useful.
If you think that your computer/mobile device has been compromised and is now a zombie machine, you should immediately scan it with several different anti-virus and anti-malware programs. A second program may pick up a virus or malware that the first one missed. Then, run a rootkit detection program, and set your firewall to the highest security level. If that doesn’t work, you may have to wipe your hard drive and start with fresh copies of your operating system and apps.
Maintaining security is an ongoing task that includes being vigilant, not opening attachments and links that you don’t know or trust, and using the most up-to-date security software. As well, the computing industry needs to design and develop better methods for botnet detection and removal of zombie software.