Don't Let Your PC Become a Porn Zombie
October 1, 2003
By Brett Glass

More than a thousand Windows PCs were hijacked recently, unbeknownst to their owners, to send spam and distribute pornography. This was done via a Trojan known as Migmaf (migrant Mafia) that turned their machines into proxies, or relay points, which hid the real servers involved. (For more information, see the article at www.wired.com/news/print/0,1294,59608,00.html.)

The victim machines, controlled from afar, are often called zombies. Here's how to keep your PC from becoming a zombie in the service of spammers, pornographers, and malicious hackers.

It's important to understand that although mainstream news coverage of such exploits is a recent development, these activities have been occurring practically since the general public was allowed to use the Internet in the early 1990s. Back then, hackers who wanted to cover their tracks would take control of machines running certain programs that let Windows-based PCs share Internet connections (before Microsoft built Internet Connection Sharing into the operating system). They'd then use these machines as proxies for their attacks on other systems. When investigators tried to trace the break-ins, they would find only the Windows machine, which kept no record of the hacker's whereabouts.


Pornography and spam make for good headlines, but the purposes for which most compromised machines are used are not nearly as sensational. Most often, machines are used as repositories for warez—pirated software—or as rendezvous points for IRC sessions among hackers. They're also commonly used as soldiers (or zombies) in distributed denial-of-service (DDoS) attacks, in which large numbers of computers focus a barrage of network traffic on a single company or computer system. In most cases, users whose machines are compromised never know that their systems are being used for nefarious purposes.

You can protect your machine by learning to recognize the signs that your computer is being invaded. Are the lights on your cable/DSL modem, or network hub flashing wildly when you're not doing anything on the Net? Is your hard drive seeking frantically when the system ought to be idle? Does your system seem sluggish? While none of these symptoms are sure signs that your computer has become a zombie, they merit investigation.

If you're running Windows, try typing netstat-a in a command window. Do you see established connections to other machines, even when your browser and e-mail programs are closed? If so, your computer could be compromised. (For helpful information on the ports Trojans generally use, as well as the free PestPatrol Port Checker utility, check out http://pestpatrol.com/Support/About/About_Ports_And_Trojans.asp#advice.)

Finally, learn how to keep your computer from being taken over in the first place. Install patches and updates regularly. New holes in Windows are being discovered all the time, but it's still a good idea to patch the old ones to limit your exposure. Are you running a personal firewall, such as ZoneAlarm? If not, install one, and check to see whether any unfamiliar programs are trying to access the Net.

Have you checked your machine for viruses lately? Is your antivirus software up to date? Have you tested your machine for spyware? If not, you may have missed a malicious program that has taken over your machine. Are you running Microsoft Internet Explorer, Outlook, or Outlook Express? If so, consider switching away from these programs—which represent the most common entry points for viruses and worms—to alternatives such as Eudora, Mozilla, and Opera.

Remember, most hackers aren't out to get you personally. They want to use your computing resources to hide their activities or attack enemies. But if you protect your PC, they'll gladly use someone else's machine to distribute their porn, spam, warez, and denial-of-service attacks.

Brett Glass is a freelance consultant, author, and programmer.




PCMag
Copyright (c) 2003 Ziff Davis Media Inc. All Rights Reserved.