Quantcast
Subscribe to magazine

Study: AOL Leads in Zombie Infections

Internet giant's customers account for the highest percentage of infected PCs, researcher says.

John E. Dunn, Techworld.com

  • 0 Yes
  • 0 No

AOL is the global network most infected with "zombie" PCs, according to a new study.

Prolexic has spent the last six months compiling information on the problem of zombies using real-world denial-of-service attack attempts generated by the hijacked machines. AOL accounted for 5.3 percent of all infections, with Deutsche Telekom in second place with 4.67 percent, and Wannadoo third with 3.27 percent.

The most infected countries as a percentage of the total detected were the U.S. (18 percent), China (11.2 percent), Germany (9.6 percent), the U.K. (5.1 percent), and France (5.1 percent). However, calculating zombie numbers on a per capita basis, the most infected countries turned out to be Hong Kong, Germany, Malaysia, Hungary, and the U.K., in that order.

High Profile ISPs

"It shouldn't be a surprise to find that some of the most high profile Internet Service Providers are most susceptible to providing a safe haven for large numbers of zombie PCs," says Prolexic CTO Barrett Lyon. "It is these networks which are continually being exploited to support large scale DDoS attacks."

"Just because a home user subscribes to a reputable brand doesn't mean they're safe from the online criminal fraternity," he says.

AOL has since defended itself by pointing out that it is by some way the largest ISP, and that the number of zombies on its network is actually low in relation to the total number of its subscribers.

Prolexic was at pains to emphasize that its zombie data was culled from attempted real-world attacks, and not traffic to research honeypots, used by some to calculate zombie incidence. The company's business is in selling "clean pipe" Internet connections so the assumption is that the data comes from attempts through its own network.

The company said it had seen a shift in the way zombies were being used for DDoS attacks in recent months. Attackers now favored "full connection based flood" whereby real IP addresses were apparent to the defenders. Such a brute force type of approach could still work because the sheer number of addresses could overload blacklisting systems.

  • Recommend this story?
  • 0 Yes
    0 No

Print 65% more pages than with refilled inks. Trust Original HP Inks. Hit Print Reliably.

Featured APC Accessories For Your System
10% Off Entire Cart at Online Store

  • APC Back-UPS ES Safeguards your equipment from damaging surges and spikes that travel along your utility & data lines.
  • APC SurgeArrest Performance Highest level of protection for your professional computers, electronics and connected devices, as well as provides surge protection.

People who read this also read:

  • 2007 Microsoft Office Suites Comparison This paper compares and contrasts four suites of the 2007 Microsoft Office system: Microsoft Office Standard 2007, Microsoft Office Professional Plus 2007, Microsoft Office Enterprise 2007 and Microsoft Office Ultimate 2007. This paper is intended to help organizations understand the applications and capabilities offered, and to identify the suite that best fits their needs.
  • Windows Vista Migration: The Business Proposition It's not so much a matter of "if" but "when" for most organizations regarding migration to Windows Vista. Laying the groundwork now for this migration can yield higher ROI than waiting until later. This Computerworld Technology Briefing explains it all.

PC World's Marketplace