Information Warfare: Mighty Microsoft Mauls The Zombie Menace


October 18, 2010: Microsoft recently revealed that its software security system is now removing hacker software from over two million computers a month. But that's not good enough. So Microsoft is proposing that ISPs (Internet Service Providers) and operating system manufacturers work together to quickly identify infected PCs and block them from Internet access until they get cleaned up. It's easy for an ISP to identify an infected PC if that machine is being used to send spam or is participating in a DDOS (Distributed Denial Of Service) attack on a web site. Both activities involve the PC transmitting a lot of easily identified data. But since Internet-based criminals can change their hidden software to transmit data in a less easily identifiable fashion, Microsoft is also proposing that Internet users have their PCs equipped with software that the ISP will use regularly to check that the PC is free of hidden hacker software. Machines that are not clean, and whose owners refuse to allow them to be cleaned, will lose their Internet access, or have it throttled way back. This is called the "public health" model for computer security. But to work most effectively, all ISPs, and the nations that regulate them, must cooperate. This presents a host of legal, political and diplomatic problems. The technical aspects, in contrast, are relatively easy to deal with. This is yet another effort to control the use of hidden software by criminal hackers to infect and take control of PCs worldwide. The good guys are actually winning this battle, but slowly. Too slowly.
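The paragraph above says an ISP can spot a zombie by the volume of easily identified traffic it emits: mass spam means direct connections to a great many mail servers, and DDOS participation means a flood of packets at one destination. The following is an added example, not code from the article or from Microsoft or any ISP, showing that heuristic as a defender's detection rule run over constructed one-minute flow summaries. The thresholds, IP addresses and flow records are all assumptions made for the example; the article gives none of them.

```python
"""Added example: volume-based zombie detection of the kind the article attributes
to ISPs. Flow records and thresholds below are constructed for illustration."""
from collections import defaultdict

# Assumed thresholds (chosen for this example, not taken from the article).
SMTP_DEST_THRESHOLD = 50         # distinct mail servers contacted per minute
FLOOD_PACKET_THRESHOLD = 10_000  # packets sent to a single destination per minute


def build_sample_flows():
    """Constructed one-minute flow summaries: (src_ip, dst_ip, dst_port, packets)."""
    flows = []
    # 10.0.0.5: an ordinary subscriber, a few mails via the ISP relay plus web browsing.
    flows += [("10.0.0.5", "198.51.100.25", 25, 12),
              ("10.0.0.5", "93.184.216.34", 443, 300)]
    # 10.0.0.9: a spam zombie contacting 120 different mail servers directly.
    flows += [("10.0.0.9", f"203.0.113.{i}", 25, 8) for i in range(1, 121)]
    # 10.0.0.13: a DDOS participant hammering one web server with 40,000 packets.
    flows += [("10.0.0.13", "192.0.2.80", 80, 40_000)]
    return flows


def classify_hosts(flows, smtp_threshold=SMTP_DEST_THRESHOLD,
                   flood_threshold=FLOOD_PACKET_THRESHOLD):
    """Return {src_ip: [reasons]} for hosts whose outbound traffic looks like a zombie's.

    Hosts that stay under both thresholds are not reported at all. As the article
    notes, malware that sends "low and slow" traffic will slip under these numbers,
    which is why the public-health model also relies on host-side scanning.
    """
    smtp_dests = defaultdict(set)      # src_ip -> set of mail servers contacted
    pkts_per_pair = defaultdict(int)   # (src_ip, dst_ip) -> packets in the window
    for src, dst, port, pkts in flows:
        if port == 25:
            smtp_dests[src].add(dst)
        pkts_per_pair[(src, dst)] += pkts

    verdicts = defaultdict(list)
    for src, dests in smtp_dests.items():
        if len(dests) >= smtp_threshold:
            verdicts[src].append("spam-volume")
    for (src, dst), pkts in pkts_per_pair.items():
        if pkts >= flood_threshold:
            verdicts[src].append(f"flood-to:{dst}")
    return dict(verdicts)


def isp_action(verdicts):
    """Map each flagged host to the article's 'public health' response: quarantine
    (block until cleaned) rather than silently dropping traffic."""
    return {ip: "quarantine-until-cleaned" for ip in verdicts}


if __name__ == "__main__":
    flagged = classify_hosts(build_sample_flows())
    for ip, reasons in flagged.items():
        print(ip, reasons, isp_action(flagged)[ip])
```

The two rules deliberately key on what the article calls "a lot of easily identified data": many SMTP peers for spam, many packets to one peer for a flood. A real ISP deployment would baseline each subscriber's normal volume instead of using fixed numbers, since one static threshold both misses slow senders and risks flagging a legitimate small mail server.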

The most powerful Internet weapons on the planet are botnets. And many of them are getting into uniform. Never heard of botnets? Your PC, at home or at work, may be part of one. In wartime, many of these botnets would be turned into weapons. A botnet can be used to shut down essential military networks, or infect military computers with destructive (to the computer) software. This isn't science fiction. It is real.

Botnets are large numbers of infected PCs, known as zombies, under the control of botherders (the people who run the networks, botnets, of zombies). Zombies are created by hackers, who write computer viruses that get into your computer from an infected website or booby trapped file attachment to spam email.

Currently, on any given day, 30-50 million of the billion or so computers on the planet are zombiefied. These captive computers are organized into botnets of thousands, or millions, of PCs that do the bidding of their controllers. The most common use of botnets is transmitting spam, and secret programs that create more zombies, or steal information (government secrets, or your banking information). Internet criminals spend most of their time seeking out poorly protected PCs, connected to the Internet, that can be turned into zombies. This can cost up to a dollar per zombie PC. The "owners" of these zombies then use them to make money (sending spam and launching DDOS attacks, for the most part). Some botnet owners rent their zombies out. There is no honor among thieves, either, with some Internet crooks seeking out botnets, and using their tools to try and take control. The good guys play this game as well, seeking out the botnets, and purifying the infected machines by finding and deleting the hidden software that makes a PC a zombie.

The purification process is a growing business. Like other computer security companies, Microsoft equips its anti-virus software with the ability to remove the secret software that turns PCs into zombies. The most successful of these efforts is the one Microsoft operates, which automatically updates its operating system and its security software, and removes secret hacker software in the process. This effort is now setting over 25 million zombie computers free from their control software each year. Microsoft operating systems run 88 percent of the over a billion PCs worldwide.

Currently, the most common reaction to botnets is to treat the creators and users of these botnets as criminals (which they are) and hunt them down. The U.S. FBI has been increasingly successful at this, by finding, arresting and prosecuting a growing number of botnet owners. For example, three years ago, the FBI announced that Operation Bot Roast had identified over a million compromised PCs, in scores of botnets. The FBI tried to get in touch with as many of these computer users as possible, and direct them to organizations and companies that can help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do).

Most owners of zombiefied computers don't even realize their PCs have been taken over. Some with heavily infected machines do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don't know how to reformat a hard drive, or even get someone to do it for them.

The FBI has identified many botnet (networks of zombie PCs) operators, arrested some, and is still pursuing many others. To avoid the FBI, many botherders seek sanctuary in countries without an extradition treaty with the United States. Criminal gangs are increasingly active in this area, and, in the case of China, so are government Cyber War operations. But even China has been hit by the hackers, and recently enacted laws against computer crimes.

The FBI has not commented on any Cyber War aspects of Operation Bot Roast, but they must have been substantial, and something the FBI and CIA are busy exploiting. The botherders know the FBI, and dozens of other police organizations, are looking for them, and hide behind multiple layers of electronic, and real world, deception. But given the amount of damage all these botnets can do, there is apparently a bit of urgency in taking them down, and quickly.
