The below is a guest post.
E-Sports, a New York–based online gaming company, recently paid a $1 million settlement for installing malicious code on users' computers without their knowledge. Consumers would subscribe to E-Sports for $6.95 per month, which gave them access to cheat-free versions of games like Team Fortress 2 and Counter Strike. E-Sports would then install Bitcoin-mining code on the customer's computer. After obtaining the Bitcoins, E-Sports sold them and deposited the earnings into the company co-founder's online bank account. In the settlement agreement, E-Sports founders denied any involvement, blaming the incident on a rogue employee.
Although many of the best antivirus programs can find and remove malicious code like this, attackers are getting better at hijacking computers and turning them into zombies. For example, Bitcoin mining involves verifying many transactions to release a set of Bitcoins. In fact, computers require as many as 1.8 billion attempts to verify a set of transactions, so Bitcoin mining uses significant CPU power. Gaming computers like those used by E-Sports customers have powerful graphical processing units. Because these GPUs can mine Bitcoins more efficiently than regular computers, they made perfect zombie Bitcoin mining machines for E-Sports.
How Does an Innocent Computer Turn Into a Zombie?
If your computer connects to an infected network, visits a malicious website, opens a malicious email link or downloads unverified software or files, then it can inadvertently pick up what's called “botnet” code. Botnets are computers controlled by a remote attacker without the computer user's knowledge. Typically, attackers user botnets for a few main purposes:
- Spam. An attacker can use a compromised zombie computer to crank out massive amounts of spam email.
- Theft. Depending on the botnet malware that your computer downloads, remote attackers can track your keystrokes, extract information from your computer or take over your Web browser. They can gather bank account information, credit card numbers and passwords using malware.
- DDoS. An attacker can build a zombie computer army by infecting hundreds of thousands of machines. Then, the attacker can command all of the machines to repeatedly access a single website at the same time. Because of the massive traffic assault, the zombie computer army can crash the website servers and cause the website to become inaccessible.
How to Avoid Becoming a Zombie
Bitcoin mining may sound like a harmless get-rich-quick scheme, but DDoS attacks can be used to shut down government websites, bring financial transactions to a halt and potentially disable utility companies or other critical services. To protect both yourself and to protect others, you have a responsibility to keep your computer from being turned into a zombie. Take these precautions to avoid having your computer hijacked by an attacker's bite:
- Get antivirus protection. Antivirus protection can keep your from downloading unsafe files. It can also warn you before you click on a malicious URL. Many good solutions cost less than $5 per month, and it's a worthwhile investment considering the harm a botnet Trojan could do to your bank account.
- Don't download unfamiliar software. A company called Malwarebytes recently uncovered instances in which a program called “Your Free Proxy” by We Build Toolbars, LLC, actually spelled out in their end-user license agreement (EULA) that their software would use computers for Bitcoin mining. Because few people read EULAs or terms of service, Your Free Proxy customers, when giving permission to install the software, also gave the company to use their computers for Bitcoin mining. The moral of the story: Never download software unless you know it comes from a reputable source.
- Never click email links even when you trust the source. Always open a new browser window and access the website without clicking the link.
- Use a password manager. Until keyloggers become a thing of the past, use software like LastPass, Keeper or 1Password to store your passwords. That way, you can use multiple, complex passwords without worrying about typing them into a password field. In fact, many antivirus solutions offer password managers as part of their service package.
Protect your computer from becoming part of the zombie horde. Take common-sense precautions to avoid downloading botnet code, and perform regular antivirus scans to keep your computer free of malware.
Erica Taylor is an avid blogger and loves writing about all topics. Her favorite topics to focus on is travel and technology which inspires her on a daily basis to continue writing.