e-Security | Cyber Security Malaysia | Vol: 26-Q12011
© CyberSecurity Malaysia 2011 - All Rights Reserved
Stop your Computer from Becoming a Zombie
BY | Derek Manky

Organizations are waging a full-blown war on computer zombies - infected machines that obediently carry out commands from remote masters without question or complaint. Yes, “The Walking Dead” in cyberspace. But this is no Hollywood act. Zombies have the potential to grow exponentially in numbers, each ultimately reporting to the same master, forming a botnet.

With a wealth of infectious zombies crawling about, we have identified seven ways for companies in Malaysia to prevent zombie attacks.

1. Inspect machines and environments on a regular basis
Zombies can be very patient pieces of code that can wait weeks or months before activating. Do not assume all is well after a one-shot inspection that fails to observe malicious activity.

2. Do not rely on visual inspection or what your machine tells you. Gateway inspection of traffic is the best approach to sniff out a zombie, since packets have already been sent from the machine and should not be further altered
Zombies can infect machines with rootkits, gaining kernel-level privileges that allow them to essentially control the operating system – hiding files, windows, network traffic, etc.

3. Quarantine a machine on detection, or on visual clues such as fake antivirus pop-ups. Clean before reinstating it into the network
Zombies make money for their masters. The most popular way is through scareware, windows that pop up claiming a user needs to purchase cleaning software. It’s a sure sign a resident zombie has downloaded this software to generate cash flow. Zombies can quickly infect other local machines on a network, so it’s very important to quarantine immediately until the threat has been cleansed.

4. Profile traffic
Zombies often have a repetitive habit of responding the same way to the same servers on the same port, typically HTTP. If a steady stream of outbound HTTP requests to the same IP is detected, especially when a browser isn’t in use, then there’s a good chance a zombie has infected the system.

5. Inspect egress traffic
Intrusion prevention helps stop zombies from invading a network. The same technology can also help detect zombie chatter. Even if a machine is infected with a zombie, detecting and blocking zombie traffic that is outbound to its master is an effective way to mitigate the threat. This way, the zombie still lives but cannot receive commands or send information such as stolen bank credentials.
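The traffic-profiling check from point 4 and the egress inspection from point 5 can be put into practice as a simple beacon detector over outbound connection records. The script below is an added example, not code from the article or its author; the flow-record format and the constructed sample records are assumptions for illustration. It flags any internal host that contacts the same server on an HTTP port repeatedly at near-constant intervals, which is the steady outbound stream the author describes.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records (timestamp, source host,
# destination IP, destination port). Made-up values, not from any real network.
SAMPLE_FLOWS = """
2011-03-01T09:00:00 src=10.0.0.5 dst=203.0.113.10 dport=80
2011-03-01T09:05:00 src=10.0.0.5 dst=203.0.113.10 dport=80
2011-03-01T09:10:00 src=10.0.0.5 dst=203.0.113.10 dport=80
2011-03-01T09:15:00 src=10.0.0.5 dst=203.0.113.10 dport=80
2011-03-01T09:20:00 src=10.0.0.5 dst=203.0.113.10 dport=80
2011-03-01T09:00:12 src=10.0.0.7 dst=198.51.100.3 dport=80
2011-03-01T09:00:13 src=10.0.0.7 dst=198.51.100.9 dport=443
2011-03-01T09:14:40 src=10.0.0.7 dst=198.51.100.3 dport=80
2011-03-01T09:52:03 src=10.0.0.7 dst=198.51.100.3 dport=80
"""


def parse_flows(text):
    """Turn each record line into (datetime, src, dst, dport)."""
    flows = []
    for line in text.strip().splitlines():
        ts, src, dst, dport = line.split()
        flows.append((datetime.fromisoformat(ts), src.split("=")[1],
                      dst.split("=")[1], int(dport.split("=")[1])))
    return flows


def find_beacons(flows, min_hits=4, max_jitter=0.2, ports=(80,)):
    """Return (src, dst, port, hits, avg_gap_seconds) for pairs that talk to the
    same server on an HTTP port at least min_hits times at regular intervals.
    Regularity is judged by the coefficient of variation of the gaps between
    contacts; a value at or below max_jitter means a near-constant period."""
    by_pair = defaultdict(list)
    for ts, src, dst, dport in flows:
        if dport in ports:
            by_pair[(src, dst, dport)].append(ts)
    alerts = []
    for (src, dst, dport), times in by_pair.items():
        if len(times) < min_hits:
            continue  # too few contacts to call it a steady stream
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            alerts.append((src, dst, dport, len(times), avg))
    return alerts
```

A normal user's browsing (host 10.0.0.7 above) produces irregular gaps and too few repeats to trip the threshold, while the five-minute check-in from 10.0.0.5 is reported; in a gateway deployment the same alert would be the trigger for the egress block in point 5.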
6. Avoid infection. Defend against