Are you a zombie?

When witnessing yet another attempted viral attack via email (hopefully stopped by the antivirus) or directed at a computer port (and blocked by the firewall), or finding your machine locked down and infested to the bone, many of you may have wondered "But why? Who profits from all this virus activity?"

This, among other things, is one of the questions I hear most frequently when I talk about operating systems and security in training rooms. Indeed, while everyone (or almost everyone) clearly understands the profit in selling lottery numbers, it's difficult for the average user to perceive the benefits that come from spreading viruses.
The fact is that today's viruses are no longer as destructive as they once were. The era of lighthearted nonsense is over, and the new logic is one of profit and productivity. As in the biosphere, a virus that kills its host can also cause a pandemic, but it's a failure because it simultaneously commits suicide. A virus that doesn't cause any particular problems for its host, or perhaps even manages to change it a little to build an ecosystem more favorable to its own species, is a success.
So, what do today's viruses do? Very simple: the main purpose of a well-made virus is to turn your computer into a zombie.
A zombie is a machine that, without the owner's knowledge,

It performs a specific task (for example, it sends a spam email to everyone in the address book), but, even better,
When the user is connected to the Internet, it sends their IP address to a specific website or mailbox and opens a backdoor (service door) allowing remote control.

This second scenario is especially rewarding because it allows the virus writer to safely use your computer from who knows where for small tasks that won't significantly slow it down, and obviously won't crash it. Otherwise, sooner or later, you'll notice, and perhaps even without knowing the reason for the slowdown, you'll reinstall Windows.
The problem is that these tasks may be small, but they're generally illegal, and your IP address remains in the spam recipient's logs or in the system being attacked.
The second point is that the virus writer's goal is to control a large number of machines and make them all work together. Such a concentration of zombies is called a "botnet" (network of robots) and can be used, for example.

To broadcast the same unsolicited advertising message to 10,000,000 users in a matter of minutes;
To launch a DDoS (Distributed Denial of Services) attack by sending millions of page requests per second to a given server, overwhelming it to the point of preventing it from responding to legitimate users;
To disseminate various types of illegal material;
To decode a password file (stolen from some system) through random attempts: a single computer would take a year, but 100,000 computers can do it in less than 10 minutes;
Finally, for an activity not necessarily related to controlling a botnet, but lucrative, especially when successful repeatedly: saving everything you type while online (including your bank account passwords) in a file and sending it to a specific address.

Of course, all this came at a cost. The last person arrested for organizing such a network (the botmaster) managed more than 500,000 zombies spread across the world, meaning at least 100,000 were running simultaneously, and he had earned more than $100,000 in a year renting out his botnet. He probably even invoiced them. Marketing consulting.
The great thing is that the defense system is quite simple: install a good antivirus system + firewall (there are also free ones) and keep it updated (or use Linux).

Back