How do I tell if my computer is a zombie?

[Guest guest]

How do I tell if my computer is a zombie?

http://www.pcworld.com/article/id,134988/article.html?tk=nl_esxcol

 

How do I tell if my computer is a zombie?

Wendell Daar, via the Internet

 

Talk about a scary phenomenon! Through a virus or worm, a criminal takes over

your PC, which behaves normally until it receives instructions over the

Internet to mass-mail spam, take down a company's network as part of a

Distributed

Denial of Service (DDoS) attack, or log your keystrokes to gain access to your

bank account. When it's done, your system reverts to acting like a normal PC.

 

 

You can't easily tell if your PC has been zombified. The usual malware

warning signs--computer slowdowns, odd behavior--apply to zombies, though they

could

easily be signs of lesser problems. Watch your firewall software for strange

outgoing traffic. Run multiple online virus scanners (browse to How Can I Tell

If My PC Has Caught a Virus? for details). Also check out Symantec's free

Norton AntiBot Beta, which specifically looks for bot infections. Still, don't

consider yourself safe in the event that AntiBot doesn't turn anything up.

 

Some zombie or bot software can hide itself from virus and malware scanners

by installing a rootkit. Free rootkit-revealing software such as Sophos

Anti-Rootkit and Sysinternals' RootkitRevealer can help, err, root those

infections

out.

 

Though your ISP can identify zombies among its clientele, that doesn't

necessarily mean you can contact the company's support staff and reach someone

who

knows what you're talking about.

 

I got mixed results with my own ISP, AT & T . When I phoned tech support,

I reached someone who'd never heard of a zombie. An e-mail query yielded

another ignorant reaction, but a forceful rejoinder from me produced a

useful-sounding letter promising to inform me of any suspicious behavior.

 

Unfortunately, according to Trend Micro network architect Paul Ferguson, it's

not in ISPs' economic interest to be especially diligent or helpful about

this. " The vast majority do nothing at all, " he warned me.

 

If e-mail bounces back to you with a message that you've been blocked, your

address may be on a spam blacklist--most likely as a result of being zombified.

More than 100 such blacklists exist, and many ISPs use one or more of them to

block the IP addresses of known spammers. If you're on one or two such lists,

most of your mail will get through, but some will not.

 

Even if your e-mail isn't bouncing, it's a good idea to find out whether

you've been blacklisted. First, go to http://checkip.dyndns.org/ To view the IP

address you send out to the world--probably your router's. Select the displayed

address and choose Edit, Copy to copy it to your clipboard.

 

There are several blacklist reporting sites. My favorite is Robtex. Paste

your IP address into the only field on the page, and click Go. Robtex will list

a

great many blacklist sites. If any of them are red, you've got a problem. Use

the list's contact information to find out why you're on that list and how to

get off of it.

 

Finally, remember that prevention is the best medicine. Keep Windows and your

antivirus, firewall, and other security software up-to-date. Those

precautions will reduce the chances of infection from almost certain to

reasonably

unlikely.