
Is your computer a zombie?

ICT Materials 3 February 2008 10:15 (UTC +04:00)

(dpa) - What are zombies? The question is easy if you're talking about horror films, since it's all about fantasy. But zombies do exist in a growing number of homes, completely unnoticed.

These aren't the living dead, but rather computers whose owners no longer have sole control of their machines because they belong to "botnets."

The manipulators behind these enslaved computer armies use them for tasks like massive dissemination of spam. The prime defence for computer users is to establish comprehensive protection against attacks of this kind.

"Botnets consist of PCs, known as zombies, that are being controlled remotely without the owner actually knowing it," says Matthias Gaertner from the German Federal Agency for Security in Information Technology (BSI) in Bonn.

In some cases tens of thousands of computers are linked into large networks controlled by a "Control-and-Command Server," or CC. Many of these are international: The zombies are in Europe, while the server itself is physically in the United States or somewhere in Asia.

"The problem is increasing drastically," says Daniel Bachfeld from Hanover-based c't magazine.

Security software makers are also pointing to the growing threat to private users that their computer may become a zombie.

One in four computers with internet access may be affected at this point, claims anti-virus software maker Symantec. Some question whether that figure isn't inflated to promote sales of the company's own software.

"No, that's no PR," says BSI spokesman Gaertner. Daniel Bachfeld suspects that the dimensions of the bot problem may even be bigger than the software maker suspects.

How do the operators of CC servers lure computers into their nets? "This usually happens via malware - Trojans," Gaertner says. They either take advantage of the security holes in specific applications on the computer or try to gain access through e-mail attachments or rigged websites that the users open. These are often, but not always, sites in the "red light" district of the internet.

The tricky part: The user generally isn't aware of the attacks - particularly if the computer is relatively new and there's plenty of bandwidth available. That leaves enough processing and bandwidth headroom for shady goings-on in the background without the computer being brought to its knees.

A zombie will work slower than a "clean" computer. But few users will notice the difference unless they observe something like a download taking much longer than normal.

Why run a botnet? "In principle it's all about earning money," says Matthias Gaertner from the BSI. The networks are often used to send not just spam but phishing attacks as well, Daniel Bachfeld explains.

"That means that under some circumstances a zombie can become a server for luring even more clueless users" who are tricked into revealing data like online banking passwords.

Botnets can also be used to attack IT infrastructure such as corporate networks. It's even possible to rent this kind of network, Gaertner says.

"That's an indication of how professional cybercrime has become," he says. The botnets continue to spread not just spam, but an ever-widening circle of malware.

What can be done about the risk of having an unrecognized zombie on your desk? Daniel Bachfeld recommends "the modern security trinity" for cyber threats: a firewall, a virus scanner, and regular installation of security updates.

The experts at c't also mention special software solutions tailored for the botnet threat. "But somebody will absolutely find a way to fool these too," since every security kit eventually meets its match. That makes it all the more important for users to mind their own habits on their computers.

As Gaertner says, "You should practise the same healthy mistrust on the internet as in real life."
