Fortinet Blog | News and Threat Research

It’s a little known fact that the month of May is actually Zombie Awareness Month.  While many pay homage with movie marathons and even reenacting zombie activities (well, some zombie activities) during pub crawls and horror conventions, we thought we’d give you some life-saving details on how to stop a different kind of zombie… The Zombie Computer! While an infected zombie computer won’t eat your brains for sustenance, they can still inflict a great deal of pain and misery to computer users.

A zombie computer allows an unauthorized person to gain control over another user’s computer. The infection is typically the result of a hacker, malicious Web site, email or even thumb drive. When the zombie computer is active, it can be found mindlessly roaming cyberspace, receiving commands and carrying out tasks. Commands often include downloading malicious software, spamming and launching distributed denial of service (DDoS) attacks. While older zombies were interested in fame, glory and your computer’s brains, today’s zombies are far more nefarious in that they’re now finding ways to trap your keystrokes in order to gain access into your bank accounts!

This brings us to today’s zombie computer survival guide.

The most likely way a computer becomes infected is by landing on a malicious link. To give you an example of how links can come from anywhere, take a look at the Koobface botnet that continues to infect Facebook users. That virus was spread through video links via Facebook friend messages.

While it’s not always easy to tell when you’ve become infected, sometimes you can pick up clues from other sources such as your friends. In the example of Koobface, it may have sent an infected video link to one of your friends with the caption “LOL, you have to check this video out.” Your friend who received the link may know that:

1.        You don’t ever send video links to your friends

2.        You never use the term LOL in your texted conversations

In either of these cases, a smart friend will ping you back and ask, “Why did you send this video to me?” If you know you didn’t send a video link to your friend, you can pretty much bet you’ve become infected or that your account has been compromised.

While you can’t kill a zombie computer by shooting it in the head, the best way to disable it and then kill it is to quarantine it (and the best way to do that is to disconnect the suspected zombie from the network). Then run a virus scan, which, if your software’s up to date, should find it and rub it out.

While real-life zombies aren’t too bright or fast on their feet, zombie computers can be quite devious. Therefore, the best line of defense is to prevent infection in the first place; an initial infection can grow worse over time and, well, you know what happens. And nobody likes a zombie.

Derek Manky contributed research to this report