Web of Crime: Zombie PC Armies Designed to Suck Your Wallet Dry

Part 2 of a special five-part series.

As a teenager running his own online chat server in the 1990s, Barrett Lyon had no idea that the attacks routinely pounding his server would evolve into an Internet scourge that earned serious profit for online criminals.

Lyon says that he enjoyed using Internet Relay Chat, or IRC, as a place for people to share ideas and get instant answers to questions. But online, as in the real world, bringing a bunch of teenage male egos together inevitably resulted in battles, and Lyon was forced to become a de facto security expert in order to fend off frequent attempts to shut his server down.

It was "basically one big massive testosterone ego fight," Lyon says, from "kids that wanted to prove themselves." The teens of the late 1990s wrote and deployed software that became known as "bots," short for "robots"--programs created to attack each other and to hit servers such as Lyon's.

How Bot Networks Work

In a general sense, a bot is a program that acts semiautonomously in response to commands sent by humans. Bots aren't necessarily evil or illegal. For instance, the GoogleBot scours the Web for the purpose of improving that search engine.

But harmful bots, when installed on the PCs of unspecting users, connect to IRC, or to a Web site, or even to a peer-to-peer network and await commands from their controllers. When the commands arrive, the bots execute them on their unwitting hosts--which might include your personal computer--enabling malicious hackers to gain complete control over those machines; the infected PCs are then called "zombies."

When a bot has spread to a huge number of computers, the resulting botnet provides a ready source of computing power and Internet access that the bot's owner can abuse at will.

What was once a weapon for attention-hungry teens in chat rooms has mutated into a digital tool that Internet criminals now use to steal millions of dollars across the globe.

For instance, a July 2005 study by antivirus vendor McAfee reported that the number of systems infected with malicious software that allows a PC to be used for unauthorized purposes jumped by 303 percent during the second quarter of 2005 from the previous quarter.

The primary purpose of these infiltrations is to make money, says Larry Johnson, special agent in charge of the Criminal Investigative Division of the U.S. Secret Service. And in some respects, the operations function just like a legitimate business. For instance, malicious entrepreneurs appear to be charging $2000 to $3000 for temporary use of armies of 20,000 zombie PCs, according to a June posting on SpecialHam.com, an electronic forum for hackers.

Subscribe to the Security Watch Newsletter

Comments