PC ghosts are all trick and no treat.
Al Fasoldt's reviews and commentaries, continuously available online since 1983

T e c h n o f i l e
Ghosts in the machine can turn your PC into a spam generator

Oct. 28, 2007

By Al Fasoldt
Copyright © 2007, Al Fasoldt
Copyright © 2007, The Post-Standard

   Is that a ghost heading toward your door Wednesday night, asking for candy? No doubt you won't want a trick, so you'll give the visitor a treat.
   With that, the ghost will go away. Oh, how I wish the ghosts in your PC were like the ones that show up on Halloween. PC ghosts are all trick and no treat, and the trick isn't just played on you. It's played on all of us.
   Let me explain. The ghosts in your machine, if you use a Windows PC, invade your computer by sneaking into it through the weaknesses in Internet Explorer and Outlook Express. (They're so dangerous that Windows users should consider switching right now to safer programs. The ones I recommend are Firefox and Thunderbird, both free. Go to www.mozilla.com to get them.)
   These ghostly invaders turn Windows PCs into zombie computers -- PCs that are controlled remotely. Millions of PCs have been captured and held hostage this way worldwide, and the number is soaring by an estimated 500,000 a day. Sadly, the PCs that get bitten by these zombie "vampire ghosts" aren't hidden away in offices or schools. They're almost always home computers, ones you and your neighbor use.
   Windows computers are the targets in these attacks. Apple's Mac computers do not use the faulty Windows code for Internet Explorer and Outlook Express and cannot be infected the way Windows PCs can.
   Zombies work like this: They hide away on your Windows PC and don't become active until the middle of the night, when you're most likely to be asleep. If your PC is turned off, the invaders turn it on through a preset timer -- a feature included in every modern PC -- and once the PC is forced to start up, they start stealing all your e-mail addresses and passwords. Then they contact their remote masters at a Web site far away and pick up a load of unsent spam.
   At your PC, while you're sleeping, they go online to relay this spam to a horde of unsuspecting targets. (Microsoft monitored a zombie PC and found that it was able to send out a million spam e-mails overnight.) Zombies are believed to be responsible for 80 percent of all spam.
   These ghosts also send out copies of themselves, trying to infect other Windows PCs through Internet Explorer and Outlook Express. Each PC infected this way becomes another zombie computer, doing the bidding of international spam peddlers.
   But more than spam is at stake. When enough PCs are rounded up as zombies, shadowy figures working in Eastern Europe and Russia -- two hotspots of zombie control worldwide -- are able to send instructions to thousands of zombie PCs to coordinate attacks on Web sites and networks run by governments and large companies. These attacks of "botnets" -- networks of bots, or robots -- can knock out Web servers for hours at a time. The Pentagon's servers have been attacked by such botnets, as have servers in countries that have broken away from the Russian federation.
   How big can zombie botnets grow? There might not be a limit. Botnets of 20,000 zombie PCs are common, but Vnunet.com, a technology-related publisher, has reported finding one comprising a million captured PCs.
   Antivirus software can help detect zombie infections, so that should be your first defense. But there is a second method: Always connect your Windows PC to a switched multi-outlet power strip, and turn the switch off after you've shut down your computer. This prevents any zombie activity. (An unpowered PC can't be turned on at all.)