Geek Speak: Are Zombie Botnets Attacking Your Website?
9/23/2015
Following up from last month's post about cyber security, we want to share additional information regarding Zombie Viruses, which aren't just here to haunt us for Halloween! First, we'll introduce you to the key players associated with this type of attack.
Key Players
- Head Zombie: The Spammer/hacker
- Zombie Computers: Computers or websites taken over by the hacker or a virus
- Zombie Botnet: A network of zombified computers or websites
What is it?
In the computer world, a zombie is a computer connected to the Internet that has been taken over by a hacker, virus, or trojan horse.
Once the zombie botnet is large enough, it will begin to attack. The head zombie will command all zombies to target a website or server with the intention of slowing it down or bringing it offline completely.
Just like in the movies, you may not know your website has been bitten until it's too late and it begins to attack other websites...and even then you still may not know what your darling little website is doing in its spare time...infecting other computers, sending out spam messages, participating in coordinated DDoS attacks.
Why call it a zombie?
They don't want to steal your valuable info; they just want to keep you down so your resources can be added into the mindless collective. A zombie can be used to perform malicious tasks under remote direction...think "drone zombies". It's a little spooky, but unbeknownst to you, your computer could possibly be used as a zombie to spread e-mail spam at this very moment!
Ok, not so scary, but pretty annoying. Once a computer joins the zombie horde, it will most likely be used to send e-mail spam or infect others. It is estimated that 50-80% of all spam around the world is sent by zombie computers, which allows spammers to avoid detection and reduce bandwidth costs (by using the zombie computer bandwidth).
How can zombies affect your organization's website?
- Commit click fraud against sites displaying pay-per-click advertising
- Host phishing or money mule recruiting websites
- Conduct distributed denial-of-service (DDoS) attacks, which include flooding a target website's server with a mass of simultaneous requests, with the desired result of crashing the website.
- Conduct "pulsing" zombie attacks, which will slow down rather than crash victim websites. Sometimes this is preferred by attackers over the intense flooding because it isn't as quickly detected and remedied. (Fast fact: This can go on for months or years without notice).
Signs your website is being attacked by a zombie:
- Spike in direct traffic - While it's typically an exciting thing to see a big jump in traffic when reviewing your latest analytics and stats, it might not always be what it seems.
- Your bounce rate is really high, meaning the zombie bots hit your home page (or a specific page) and leave immediately
- An increase in traffic is coming from all over the world (if your website content is not globally pertinent).
- There are programs to scan for botnet infection, but since each botnet is unique, these are not 100%
- Check for an increase in outbound traffic, increased CPU usage, and connections on unusual ports.
- Drop in incoming traffic due to your website being blacklisted once search engine bots detect the infection. The blacklisting can lower your search rankings and eventually lead to your site being blocked altogether.
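One way to check the first two signs above (a spike in direct traffic and a high bounce rate) against a web server access log, as an added example that is not part of the original post. It assumes the combined log format; the function names, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Combined log format: ip - - [time] "METHOD path proto" status bytes "referer" ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ \S+[^"]*" \d{3} \S+ "([^"]*)"')

def hourly_stats(lines):
    """Per hour: hit count and share of clients that made one direct hit and left."""
    seen = defaultdict(lambda: defaultdict(list))  # hour -> ip -> [hit was direct?]
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        ip, ts, referer = m.groups()
        hour = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").strftime("%Y-%m-%d %H")
        seen[hour][ip].append(referer in ("", "-"))
    stats = {}
    for hour, by_ip in seen.items():
        bounces = sum(1 for v in by_ip.values() if len(v) == 1 and v[0])
        stats[hour] = {"hits": sum(len(v) for v in by_ip.values()),
                       "direct_bounce_share": bounces / len(by_ip)}
    return stats

def suspicious_hours(stats, spike_factor=3.0, bounce_share=0.8):
    """Hours whose hits are far above the median AND mostly one-hit direct visits."""
    baseline = median(s["hits"] for s in stats.values())
    return sorted(h for h, s in stats.items()
                  if s["hits"] >= spike_factor * baseline
                  and s["direct_bounce_share"] >= bounce_share)

def sample_log():
    """Constructed sample lines (documentation IP ranges), not real traffic."""
    fmt = ('{ip} - - [23/Sep/2015:{h:02d}:{m:02d}:00 +0000] '
           '"GET {p} HTTP/1.1" 200 512 "{r}" "ExampleUA"')
    lines = []
    for h in (9, 10, 11):  # ordinary visitors: referred, several pages each
        for n, ip in enumerate(("192.0.2.10", "192.0.2.11")):
            for m, p in enumerate(("/", "/about", "/contact")):
                lines.append(fmt.format(ip=ip, h=h, m=10 * n + m, p=p,
                                        r="https://search.example/"))
    for i in range(30):  # burst: 30 clients, one direct home-page hit each
        lines.append(fmt.format(ip=f"203.0.113.{i + 1}", h=12, m=i, p="/", r="-"))
    return lines

if __name__ == "__main__":
    print(suspicious_hours(hourly_stats(sample_log())))
```

The thresholds are starting points to tune against your own site's normal traffic. Checking geographic spread would additionally need a GeoIP database, which this example leaves out.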
What can you do about it if you think you are being attacked?
While there is no one foolproof way to prevent zombie attacks or determine the origin if you are under attack, there are a few precautions you can take:
- Make sure your software is always updated
- Protect your website from online vulnerabilities through a web app firewall.
- If your web audience is not global, it may help to not allow non-English browsers.
Overall, a few zombies here and there may cause minimal harm to your website performance. The real answer is getting the computers used by zombies cleaned up.
Say, what? You are telling me I can't stop the zombie apocalypse?
While you may not be able to do a lot to stop it, what you can do is take the signs listed above into account when looking at statistics for your website. You do not want your web efforts (especially if you are doing paid advertising) to be skewed by zombie visits without note.