Feb 09 2007

How are Zombies Affecting Education Technology Networks?

When malicious hackers make zombies out of vulnerable computer networks, the damage can be serious – especially when their intent is identity theft.

As you read this, there's a good chance that there are zombies on your campus. I don't mean the poor sleepless souls seen burning the midnight oil around exam time. I'm referring to computer zombies hijacked by viruses ushered onto servers by unsuspecting faculty and staff.

Information technology security experts call them zombies because they come under the control of unauthorized users and carry out their nefarious deeds. Here's how: A virus containing malicious code covertly enters through an open data port. The virus, under its creator's orders, then replicates on other computers. Once an army of these zombies – often called botnets, short for robot networks – has been created, their masters turn them loose. How many zombies are out there? According to the “Internet Security Threat Report” from Symantec, through the first six months of 2006 there were 4.7 million active botnet computers worldwide.

In the past, zombies were used to slow down networks through distributed denial-of-service (DDoS) attacks. Now, they launch spam. IT security experts estimate that more than 50 percent of spam comes from zombies. Spam is more than an inconvenience; it delivers spyware, Trojan horses and viruses that further compromise servers and steal personal information.

More than a million people affiliated with universities, including donors and alumni, had their personal information compromised in 2006.

The problem is complex. On the one hand, you're doing your best to keep your institution's network accessible – letting students, faculty and staff access servers 24 x 7 to download and upload files. The solution is complex, too. You must create the proper blend of policy and tools. Start with up-to-date antivirus software. It's not foolproof, but it does help detect zombie agents. Also, be sure your users know how to update their operating systems and maintain healthy computing practices.

Most universities provide end users with antispyware software to keep out spyware, pop-up ads, cookies and keystroke loggers. But some have gone the extra mile to protect their networks.

Harvard University requires that any information on its network be encrypted and recommends encryption for confidential information stored on any PC. The school also suggests that networked computers be visible to the Internet only if connectivity is required for operation, to reduce the likelihood that a hacker will target them as “spambots.”

The University of Minnesota dissuades students from using apps that let them share files with other network users and reminds its students that peer-to-peer music, video and other anonymous file-sharing programs are a source of many viruses and worms.

None of these policies or tools mean much without the willing cooperation of students, faculty and staff. Be sure they know the sometimes dire consequences of otherwise innocent file sharing and file downloads. Because there's no room for zombies on campus.

Crime Doesn't Pay

Why do criminals bother creating zombie computers? Greed – plain and simple.

  • A 21-year-old man was sentenced last year to 57 months in prison in the first federal prosecution of botnet crime, the FBI reports. His targets were federal computer installations. The proceeds of his illegal activity, including more than $60,000 in cash, computer gear and a luxury automobile, were forfeited to the government.
  • A 19-year-old was convicted of conspiring to use botnets to attack competitors of his online sportswear business, according to the FBI. He was sentenced last summer to 30 months in prison. The court ordered him to make restitution of $504,495 to his victims – the Web sites he targeted and an Internet hosting company.