Page last updated at 09:36 GMT, Thursday, 19 January 2006

Zombie PCs target vulnerable sites

By Jane Wakefield
BBC News website technology reporter

With the news that student millionaire Alex Tew has been targeted by blackmailers, the thorny issue of how to deal with denial-of-service attacks is back in the headlines.

Mr Tew's Million Dollar Homepage, which sells pixels as advertising space, was brought down by a massive distributed denial-of-service attack launched after he refused to pay a $5,000 demand from blackmailers.

His venture is the latest in a long line of websites to fall foul of the net criminals who recruit so-called zombie PCs from around the world and use their net addresses to deluge sites with data.

According to security firm CipherTrust, any high-profile website is ripe for this sort of cyber-crime, largely due to the ease with which attacks can be launched.

Net criminals intent on bringing down sites recruit mostly Windows PCs by infecting them with viruses or worms.

They then use the net addresses of these zombie PCs to deluge targeted websites with a huge amount of data, causing the servers to fall over and forcing the website offline.

Middlemen to crime

CipherTrust has been tracking the phenomenon of zombie computers for two years and has seen an alarming rise of nearly 50% in the number of infected machines being recruited over the past six months.

This is largely a result of the Sober virus which hit PCs around the world at the back-end of last year.

CipherTrust estimates that 250,000 new machines are infected every day.

"China has the most zombie PCs at the moment and the US is regularly number two, with Germany at number three and the UK, with just 3% of infected machines, at number 10," said David Stanley, managing director of CipherTrust.

For firms affected by denial-of-service attacks, there is an important knock-on effect from the sudden rise in zombie PCs.

"It is likely we will see more denial-of-service attacks," said Mr Stanley.

As well as DDoS (distributed denial of service) attacks, zombie PCs are also used by net criminals to launch phishing attacks and send out spam.

For cyber-criminals, a DDoS attack is almost the perfect crime because it is virtually impossible to track down where it originated from.

And they also have the advantage of being able to recruit an army of unsuspecting home users, whose only crime is to pay less attention than they should to computer security.

"The middlemen in these attacks tend to be home users. People are contributing to the problem by the lack of security at home," said Mr Stanley.

People may never realise that their machine has been used in such an attack, and its life as an accessory to a criminal gang is relatively short-lived. Mr Stanley estimates the amount of time an infected PC is used for criminal activity is about four days.

For anyone worried that their home computer is being used as a zombie, a key sign is the sudden slowing down of the system.

"If that happens while you are sitting at the machine, unplug it and clean it up," advised Mr Stanley.

Changing course

Historically, net blackmailers have targeted firms that can ill-afford downtime, such as online betting sites and online payment firms.

Paul Court is director of operations at web hosting firm Globix and, with both betting sites and online payment firms on the books, is used to seeing sophisticated DDoS attacks.

He admits it is a daily fight to keep the criminals at bay. But the problem has been eased by a series of techniques, including using multiple routes for traffic to get to websites and diverting suspect traffic while filters are put in place.

The fact that the targets of the past are wising up to the problem may be one reason that the criminals are now turning their attention to smaller websites.

"Smaller websites tend to have quite basic hosting and these cheaper deals offer little or no protection against denial-of-service attacks," said Mr Court.

It is also difficult to fix the problems retrospectively, and doing so rarely comes cheap.

As the internet enters a new era of entrepreneurship, new websites, especially those that hit the headlines, will inevitably be targeted as Mr Tew has found to his cost.

Websites must decide whether to risk being left exposed, or dig deep in their pockets and set up the necessary battlements to protect themselves against such attacks.
