Did you know that 80% of the world’s spam comes from “zombie” computers? A zombie isn’t the living dead you’ll see looking for fresh brains; it is a computer that has been taken over by cybercriminals and can be controlled from afar, unbeknownst to the user sitting in front of the screen. The armies of computers under the influence of a controller are called botnets, and they do the cybercriminal’s dirty work.
Aside from sending spam, botnets can be used to control other types of cybercrimes such as attacking Web sites, distributing viruses and other malware to others from your PC, and hosting phishing sites designed to steal personal information (e.g. your passwords, usernames, account information, and financial data).
In February 2011, McAfee saw botnets steadily declining worldwide, as law enforcement and security experts took down Rustock, the world’s largest botnet network. However, infections shot up to more than 3 million in March 2011, as researchers saw cybercriminals trying to make up for the loss of Rustock with a vengeance. Researchers also saw criminals attempting to make botnets work on Android phones and tablets (http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2011.pdf).
The Top Five Botnets Worldwide in May 2011:
It is usually hard to tell which Botnet is sending the spam that lands in your inbox, but certain Bots favor certain topics, for example, #1 Maazben sends spam promoting luxury watches and counterfeit pharmaceutical drugs; #2 Bobax sends lots of “lonely girl” and Russian dating spam; and #3 Cutwail tends to send spam for replica watches, pharmaceutical drugs, and also phishes for personal data from respondents.
Countries with the Highest Zombie Populations in May 2011:
Countries with the Lowest Zombie Populations in May 2011:
- French Guiana
- Cook Islands
- St. Helena
- Falkland Islands
As you can see in the infographic below, most people don’t even know they’ve become a zombie, but it is easy to download malware that steals your personal data, damages your computer, and spams your friends and contacts. Be wary of any unsolicited messages that claim to have news on celebrities or other sensational topics or links to images and animated greeting cards, and never click on links or attachments included in these messages.
There are some common symptoms of an infected device:
- The device is running sluggish
- Unusual activity at startup
- Internet security or virus detection software disabled
- You get e-mails from auto responders that the recipient is not online or on vacation, but you do not know the recipient
- Number of tasks running on the computer exceeds what should be running
- The device running at or near capacity
Tips to Avoid Becoming a Victim:
- Never download or click anything from an unknown source. If you really think your friend is sending you a video clip or an electronic greeting card, double-check with the friend to be sure before you click on the link.
- Before clicking on any links related to the news, check to see that the address is going to a well-established site. If it is a shortened URL, use a URL preview tool such as http://hugeurl.com/, to make sure it is safe to click on.
- Buy consumer security software from a reputable, well known vendor, such as McAfee, and make sure the suite includes anti-virus, anti-spyware, anti-spam, anti-phishing, a two-way firewall, and a website safety advisor to stay protected against newly discovered malware and spam. Run the software EVERY DAY (not weekly or monthly) to make sure your machine is clear of malware.
Tips on What to Do If You Become a Victim:
- To see if your machine has been infected, scan your computer for free using McAfee Security Scan Plus: http://us.mcafee.com/root/mfs/default.asp?cid=9913
- If your social media account has been compromised, change your password immediately and delete all dangerous messages and links. Also, let your friends know that your account could be sending them spam in your name.
- Contact the Cybercrime Response Unit at www.mcafee.com/cru, an online help center for advice and technical assistance, if you think you’ve been a victim of a cybercrime.