by Larry Magid
I think I can say with a great deal of certainty that the overwhelming majority of parents don’t operate websites based in the Republic of Georgia. And I am also certain that you’re not malicious hackers. But before you ignore my story, consider the possibility that the PC in your house could have played a role in taking down the website of the President of Georgia.
Attacks against Georgian government sites, according to the New York Times, started “weeks before physical bombs started falling on Georgia,” and the Georgian president’s site was difficult or impossible to access on Tuesday afternoon, even though the site moved from the country of Georgia to an Internet service provider in the state of Georgia in the United States.
“This is a classic denial of service attack (DOS),” said Steve Gibson, president of Gibson Research and a leading security expert.
In an interview, Gibson said it has all the marks of a “zombie” or “botnet” type of attack. “Botnet” is a hacker term for a network of robots — machines that are surreptitiously recruited to attack other machines.
“Essentially what happens,” explained Gibson, “is a large number of computers that are under the control of some entities — presumably someone with a grudge — can be recast for various purposes.
“Sometimes they’re used to generate spam, sometimes to generate fake clicks on advertisements and sometimes they are told to simply flood a site with traffic,” said Gibson.
These zombie machines can bombard a server with enough requests in a short period of time to simply overwhelm it. It would be like putting thousands of cars on the freeway, making it impossible for normal traffic or emergency vehicles to get through.
Such tactics are sometimes referred to as distributed denial-of-service attacks because the computers used in the attacks are distributed all over the Internet. It’s often difficult for the attacked machine to distinguish between legitimate requests for service and the bogus requests from the zombie machines.
DOS attacks can also be carried out by disrupting configuration data such as routing information so that traffic to a server is re-routed, or simply sent nowhere instead of to the server that users are trying to reach.
The machines that wind up carrying out the attack “are typically owned by regular computer users who have no idea that their machine is now serving two masters,” said Gibson. “It’s serving them, and some remotely located criminal that is able to take the resources of their machine and their Internet connection for some malicious purpose.”
Malicious software to carry out these attacks can come from websites, via email or as part of spyware people inadvertently download to their computers. Most Internet security programs can protect PCs against being infected by such software, though security is — and has always been — a cat and mouse game between the good guys and the bad guys. That means there is always the possibility of botnet software slipping past the defenses of even up-to-date security software.
Still, if you use up-to-date security software, the chances of your machine being infected go way down. Also, security software such as Symantec’s Norton 360, TrendMicro’s Internet Security Pro, Zone Labs’ ZoneAlarm Security Suite and Kaspersky Lab’s Kaspersky Internet Security all do a good job of repairing infected computers along with preventing infections in the first place.
It’s also important to be sure that your operating system is up-to-date. For example, Microsoft issued updates Tuesday for various versions of Windows which fixed 26 flaws, including six that were considered critical. These flaws could put your computer at risk of being taken over by a hijacker who could use it for virtually any purpose — including attacking other computers or web servers.
You can learn more about how hackers can turn your computer into a malicious zombie in my CBS News podcast discussion with Steve Gibson.