What are Zombie and Bot attacks? If a group of hackers in Russia was trying to flood your web server with traffic then you could simply block their IP addresses and stop them cold. They know that, so when they want to launch an attack they use a coordinated army of proxies, called zombies. The collection of these zombies are a botnet.
When hackers attack your web site like that, it is difficult, if not impossible to block that kind of denial of service (DOS). This is because there is no way to tell from the many thousands of IP addresses that are connecting to your website which are hackers and which are legitimate users. You cannot just block everyone because then your website would not work
What makes this worse is those whose computers have been co-opted this way cannot tell either. Their computers will have been infected in a way such that their anti-spam software does not detect it. Only a skilled security person would know to look and see if their computer is connecting to computers it should not connect too, like the Government or businesses they do not use.
The other thing the botnet protects is the hackers. Law enforcement and the spy agencies cannot readily tell who is doing the hacking as the IP address of the zombies is different to the hackers.
Botnets also do more than just DOS attacks. They are used to infect other computers and do coordinated attacks on business and government. Then the botnets role is to assist with the delivery of the stolen data to the hacker’s command and control centre. They can also be used to relay email, but most anti-spam engines will stop that.
How to Defend and Why this is Such a Problem
The best defence against botnets is to periodically completely erase your computer the same way your erase your cookies every now and then. That gets rid of the zombie and anything else that is bad. Erasing your computer is practical as long as you keep all your data in the cloud.
But the average child, mom, father, grandmother, granddad and anyone who is not a computer analyst or programmer does not have the skills to do this. How many of you have elderly parents or grandparents who barely know how to use email or know what the cloud is? Try to explain to them that they need to erase their computer when their friends complain about all the errant emails coming out from their hacked email account.
Hackers exploit this large education gap between people who understand how to work with computers and those who do not. For this reason, hacked computers can remain hacked and useful to the hackers for years. Hackers even rent out these botnets to other hackers. You can find those for rent on what is called the dark web. That is the part of the web hidden behind the Tor encrypted network. There is no search engine for those. And these hacker markets usually require an invitation from another hacker to join.
Finally, if you do want to try to block zombies, you can use DOS mitigation services from companies like F5, Akamai, Cloudflare, Imperva Incapsula, and others. But like we said, they don’t always work. But those companies know what botnets are out there, so can at least eliminate known zombies.
If you'd like to find out more about moving your data to the cloud, talk to us at Storm by clicking here or calling us on 0800 817 4727. We've been providing ultra fast, secure web hosting services since 2004 and know a thing or two about optimising servers and sites for speed.