Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Zombie Byte: Symptoms, reanimation and cure

Aravindan Anandan, Consulting Systems Engineer, Asia Pacific, Barracuda Networks | Feb. 29, 2016
Enterprises must protect against invisible threats that patiently wait to attack. Once infected, this forgotten data can ‘eat’ efficiency and create vulnerabilities.

This vendor-written piece has been edited by Executive Networks Media to eliminate product promotion, but readers should note it will likely favour the submitter's approach.

In 2013, a horde of five million zombie computers launched a cyber-attack in 80 countries globally. Over 18 months, the botnet nicknamed 'Citadel' invaded home computers, recorded keystrokes, captured login passwords and stole financial information. None was spared from the onslaught of this digital invasion, and as a result, more than half a billion US dollars was stolen from banks - American Express, Bank of America, PayPal, HSBC, Royal Bank of Canada and Wells Fargo.

So how did these computers become zombies, allowing hackers to remotely access and steal information?

During the investigation, it was found that the computers contained zombie data, making the system vulnerable to malware attacks from outside. Much like the Greek Trojan Horse, zombie data is a subterfuge providing undetected entry points for malware that compromise systems from within, turning computers into zombie computers. The accumulation of these infected zombie computers trigged a botnet or DDoS attack where multiple compromised private computers targeted a single system, resulting in a Denial of Service (DoS) attack.

Symptoms and causes of a Zombie Byte

Usually via an office computer connected to a server, the user is unaware that their own system retains zombie data, which act as entry points for a hack or virus. These viruses 'zombify' the computer system, allowing the hacker to steal passwords and take screen shots of information under isolated direction.

In today's Unix operating system, zombie data are commonly made up of 'child' programs. Started and abandoned by 'parent' programs, these zombie data armies or 'botnets' can wipe out an overwhelming amount of data (a corporate website for example) off the internet in a single stroke. However, like all viruses, there needs to be an enormous collection of data that lack purpose and are left unchecked in order for these attacks to work. In a business setting, this vulnerability exists as PST files - data of former employees that are retained, backed-up and maintained on corporate networks in routine IT back-ups over long periods of time and then forgotten, even though there is no data value in maintaining the files.

28 Days Later: Deadly Zombie Computers

The Hacker News (It) reported in September 2015 that over 90 per cent of distributed denial-of-service network or XOR DDoS Botnets are in Asia. There is a growing trend where these attacks are primarily infecting LINUX systems, which is the system that the UNIX's DNA is based off. A network of compromised LINUX servers can wipe massive amounts of data and knock large websites off the Internet.

 

1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.