Hackers switch to the web to control zombie PCs

News by Fiona Raisbeck

Hackers are moving to web based techniques to control zombie PCs, making it harder to identify them on a network, according to an article published last week.

Hackers are moving to web based techniques to control zombie PCs, making it harder to identify them on a network, according to an article published last week.

The online article claims many cyber criminals have stopped using Internet Relay Chat (IRC) to control their botnets and are switching to the web to manage compromised computers. By moving the command and control channels for their botnets online they are able to blend in with other web traffic, making it difficult for them to be blocked.

Previously security professionals were able to spy on and detect hackers sending orders via IRC servers. This allowed the Internet Service Provider to block traffic to the server, preventing the zombie from contacting its command and control centre.

According to the article, the newly compromised computers connect to a website to receive commands from the cyber criminal. The sites are hosted on hacked servers or PCs that have been online for a long time, enabling the hackers to upload instructions for their bots. Protection mechanisms which block IRC traffic fail and this leaves businesses vulnerable to attack.

Joachim Fietz, CEO of industrial security specialist Innominate, believes this technique allows zombies to go undetected by internet security systems and poses a serious threat to an organisation's office based network and manufacturing production lines.

He said: "Hackers have always posed a major problem for any organisation that uses a computer. With hackers disguising their viruses, the threat is enormous."

He continued: "Should a virus infiltrate a production line network, the ramifications could be catastrophic for the company, resulting in financial harm, image damage and loss of faith. Manufacturing plants should protect each networked device individually and be aware of all new threats posed by hackers."

In the article Jose Nazario, a senior software engineer at Arbor Networks, said security professionals need to work harder to combat this threat and become proactive.

"We have to speak a whole different language now. We have to learn new command instructions and communication mechanisms that each of these bot families uses. The criminals always make the first move and we counteract," he said.

However, he believes security experts can fight the new generation of zombies by blacklisting web addresses used by malicious programs. "You certainly can't just block all outbound web traffic. But if you have identified a certain web server and it's not used for something else, you can go and block that IP address," he said.

This follows the announcement last week that BT proposes to launch a spam blocking system, which aims to monitor the commands of botnet controllers on public IRC servers and cut off spam at the source.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike