What Are Zombie Computers & How Do They Create A Zombie Network?




With the month of October comes the spookiest of holidays: Halloween. And in the world of technology, few things are quite as frightening as zombie computers that have been infected by viruses that give remote hackers complete control over a device and its resources.

And much like a scene out of a horror film, once a computer has been infected by malware of this kind, it quickly joins the ranks of other zombies in the horde to await commands.

But what makes zombie viruses different from your typical malware, and what’s the ultimate goal of the hacking groups that deploy such threats?

How Are Zombie Networks Created?

While some viruses specifically target high-profile targets, such as Fortune 500 companies or political officials, zombie malware differs in that its intent is to secretly infect as many computers as possible to grow its network.

Most commonly, these viruses install themselves covertly through back doors in security networks or exploitable vulnerabilities within web browsers and other programs. While the number of infected computers may vary, the largest zombie network (also known as a botnet) was discovered in 2009, when a Ukrainian hacking group infected 1.9 million computers through JavaScript code that launched when individuals opened a fraudulent web page.

Regardless of how the virus makes its way onto a device, once installed, the malware then opens networking ports within the computer, allowing the device to connect to an online server controlled by outside hackers.

Once the network has grown big enough for the malicious task at hand, the hacker can simultaneously assign hundreds, thousands, or even millions of computers to complete attacks through the web. Even more frightening, because infected devices continue to work as normal while the hacker gives commands, it’s likely that individuals without behavior-tracking anti-virus and other modern security measures, offered through companies like Rocket IT, will never realize their device has been compromised until it’s too late.

What Are Zombie Computers Used For?

Now, as you can imagine, if a hacker is able to zombify a large number of computers, it opens up a variety of possibilities for malicious online attacks.


One of the most popular ways zombie computers are used is in distributed denial-of-service attacks, commonly known as “DDoS”. In these attacks, multiple computers attempt to access one website at the same time. The greater the number of computers at the hacker’s disposal, the greater the attack. In turn, if the site does not have the resources to host the number of computers that attempt to visit it, the site’s server will inevitably crash. And because these threats come from multiple computers, it is difficult to determine and shut down the original source of the attack. As a result, hackers may then extort the owners of the site for money, and in turn, promise to cease future attacks.

Degradation-of-Service Attacks

Alternatively, if the hacker isn’t interested in an immediate cash payout and has ulterior motives, a degradation-of-service attack can use zombie computers to spam a website with slightly less traffic than a standard DDoS attack. In turn, rather than completely crashing the site, hackers can slow it down, leaving site developers to question the problem for weeks or months.


In a previous Rocket IT blog, readers were given an inside look at phishing emails and what they entail. But did you know that many of these phishing campaigns are distributed via a network of zombie computers? Now, if you have Rocket IT’s enhanced spam filters in place, you may not be aware of this, but the amount of spam hitting inboxes has dramatically increased in recent months. And although not all spam can lead to your computer becoming a zombie, phishing offers an easy way for hackers to grow their network of infected computers.

Without the owner’s knowledge or consent, hackers can log into the infected device’s email platform and distribute spam to an entire list of contacts. Not only does this allow the virus to spread throughout an organization, it can also spread to clients and other important individuals. More importantly, because the spam looks as if it is coming from a reliable source, recipients are more likely to click included attachments or links, increasing the likelihood of the attack’s success.
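One way a mail administrator could spot the behavior described above, as an added example that is not part of the original article or any Rocket IT tooling: flag any sender that mails an unusually large number of distinct recipients inside a short window. The log format, addresses, window and threshold are assumptions constructed for the illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log line format: "<ISO timestamp> from=<sender> to=<recipient>"
LINE = re.compile(r"^(\S+) from=(\S+) to=(\S+)$")

def build_sample():
    """Constructed log: alice mails 3 people over 40 minutes, carol mails 8 in 35 seconds."""
    lines = [f"2024-10-01T09:{m:02d}:00 from=alice@example.com to=c{m}@example.com"
             for m in (0, 20, 40)]
    lines += [f"2024-10-01T10:00:{s:02d} from=carol@example.com to=contact{s}@example.net"
              for s in range(0, 40, 5)]
    return "\n".join(lines)

def parse(log_text):
    """Yield (timestamp, sender, recipient) for every well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def burst_senders(log_text, window=timedelta(minutes=5), max_recipients=5):
    """Return {sender: peak distinct recipients} for senders over the limit in any window."""
    by_sender = defaultdict(list)
    for ts, sender, rcpt in parse(log_text):
        by_sender[sender].append((ts, rcpt))
    flagged = {}
    for sender, msgs in by_sender.items():
        msgs.sort()
        start, peak = 0, 0
        for end in range(len(msgs)):
            # Slide the window start forward until it spans at most `window`.
            while msgs[end][0] - msgs[start][0] > window:
                start += 1
            peak = max(peak, len({r for _, r in msgs[start:end + 1]}))
        if peak > max_recipients:
            flagged[sender] = peak
    return flagged

if __name__ == "__main__":
    print(burst_senders(build_sample()))
```

A flagged account is a lead for investigation, not proof of infection; legitimate newsletters and mail merges need to be excluded when choosing the threshold.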

Data Theft

And finally, don’t be mistaken and think that zombie viruses are only using your computer to steal time and resources from other individuals. Like nearly all malware, zombie viruses also want your data. Whether it be passwords to online banking or admin credentials to company assets, having an infected device means you’re putting both your personal and employer’s health on the line.

Is My Computer a Zombie?

Determining if your computer is part of a zombie network can be a difficult task. Because zombie viruses work discreetly in the background, they don’t often present any major signs that your computer has been infected. That said, you may notice your computer having some hidden symptoms or warning signs if there is a security breach.

  • Slow computer speeds
  • Higher internet bills
  • Unstable network speeds
  • Computer crashes
  • The running of unknown background applications
  • Next-generation anti-virus notifications
  • Higher than normal CPU and RAM usage

How to Protect Your Computer from Becoming a Zombie

In previous years, basic cybersecurity measures, such as firewalls, backups, default spam filters, and traditional anti-virus software may have been all you needed to remain protected from malicious attacks. Unfortunately, hackers have become smarter, developing new malware that can go undetected by older security applications. Keeping that in mind, here are a few ways you can greatly mitigate the risk of your device becoming a zombie.

Switch to Next-generation Anti-virus

Also known as endpoint detection and response, next-gen anti-virus does what traditional anti-virus fails to do: accurately detect and prevent new viruses from installing on your device. To get an idea of how this works, let’s take a quick look at how traditional anti-virus software functions. Every program, whether malicious or not, has a unique identification code assigned to it when developed. When a new virus is discovered, developers of traditional anti-virus applications rush to place that unique ID on a list. Before a new program can be installed, traditional anti-virus scans the download to ensure its signature does not match any known threats.

Unfortunately, because virus development has picked up at an alarming rate, there are many times where this method is not quick enough to solve the issue. As an alternative, cybersecurity experts have begun to suggest that organizations make the leap to next-gen anti-virus software. Rather than simply relying on the unique signatures of viruses to detect threats, next-gen anti-virus uses behavior tracking technology to look for abnormal activities initiated by programs. If any suspicious behavior is detected, next-gen anti-virus will halt the program from completing the action and send an alert.
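An added illustration of the gap described above (not code from the original article or from any anti-virus product): a rebuilt variant of a listed program has a different ID and passes the signature check, while rules about what the program does still flag it. SHA-256 stands in for the "unique ID"; the sample bytes, action names and expected-server list are assumptions constructed for the example.

```python
import hashlib

# Constructed samples: a bot the vendor has listed, and a rebuilt variant of it.
KNOWN_BOT = b"constructed-sample-bot-build-1"
VARIANT = b"constructed-sample-bot-build-2"
BENIGN = b"constructed-benign-app"
BLOCKLIST = {hashlib.sha256(KNOWN_BOT).hexdigest()}  # IDs listed so far

# Assumption: servers this organisation expects its programs to contact.
EXPECTED_SERVERS = {"updates.example.com", "mail.example.com"}

def signature_verdict(file_bytes):
    """Traditional check: flag only when the file's ID is already on the list."""
    return hashlib.sha256(file_bytes).hexdigest() in BLOCKLIST

def behaviour_verdict(events):
    """Behaviour check: list the reasons the observed actions look abnormal."""
    unexpected = sorted({e["target"] for e in events
                         if e["action"] == "connect"
                         and e["target"] not in EXPECTED_SERVERS})
    opened_port = any(e["action"] == "listen" for e in events)
    read_creds = any(e["action"] == "read" and e["target"] == "credential_store"
                     for e in events)
    reasons = []
    if opened_port and unexpected:
        reasons.append("opened a port and contacted " + ", ".join(unexpected))
    if read_creds and unexpected:
        reasons.append("read stored credentials and contacted " + ", ".join(unexpected))
    return reasons

def scan(file_bytes, events):
    """Block when either check fires."""
    sig, reasons = signature_verdict(file_bytes), behaviour_verdict(events)
    return {"signature_hit": sig, "behaviour_reasons": reasons,
            "blocked": sig or bool(reasons)}

# Constructed telemetry (hypothetical action names; 203.0.113.10 is a documentation address).
BOT_EVENTS = [{"action": "listen", "target": "tcp/49152"},
              {"action": "read", "target": "credential_store"},
              {"action": "connect", "target": "203.0.113.10"}]
BENIGN_EVENTS = [{"action": "listen", "target": "tcp/8080"},
                 {"action": "connect", "target": "updates.example.com"}]

if __name__ == "__main__":
    for name, data, ev in [("known bot", KNOWN_BOT, BOT_EVENTS),
                           ("variant", VARIANT, BOT_EVENTS),
                           ("benign app", BENIGN, BENIGN_EVENTS)]:
        print(name, scan(data, ev))
```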

Enhanced Spam Filters

Although many email platforms do a decent job of placing potentially harmful messages into junk folders by default, fraudulent emails can often seem legitimate. As a result, it’s quite common for emails with malicious attachments and links to find their way into your inbox if proper spam filters have not been implemented. Fortunately, Microsoft 365 makes it easy for admins to change the level of junk email protection across an entire organization. 

Security Training and Phishing Testing

As mentioned previously, hackers actively attempt to grow zombie networks by deploying phishing campaigns, in hopes that unsuspecting individuals will click on links or attachments. And although this may seem like a difficult method of attack to prevent, the reality is that regular security training and phishing testing can greatly mitigate your computer’s chance of becoming part of the zombie horde. Through Rocket IT’s security awareness training, teams can begin to understand current phishing threats and how to spot them. In particular, these training sessions go over new email spoofing techniques, how to detect fake URL links, and grammatical errors to look for when reviewing an email’s content.

Once the initial training is complete, regular phishing testing can be used to detect any vulnerabilities within the organization. Rocket IT uses a training platform that sends out harmless, simulated phishing emails. It then tracks the number of individuals that took the bait and clicked the email, allowing organizations to effectively train and hopefully prevent future attacks.

Application Whitelisting

Application whitelisting programs, such as ThreatLocker, provide organizations with an opportunity to control the specific applications that can be installed and run on computers. To accomplish this, network administrators define a specific list of approved applications. Those that don’t make the list can’t be run without the administrator’s approval, making it far more difficult for zombie viruses to secretly install themselves on company devices.

Stopping the Zombie Horde Is up to You

There are billions of devices connected to the internet, and standard PCs are not the only technology at risk of being turned into a zombie device. Smartphones, cameras, and even smart refrigerators all pose a risk if their security infrastructures are not regularly updated. In turn, it’s the responsibility of owners to help shrink the size of zombie networks. Should you have any questions pertaining to zombie viruses and the new cybersecurity initiatives developed to stop them from taking control of your devices, reach out to Rocket IT at 770.441.2520 or by using the contact form below.
