Updated on 2022-09-01 GMT+08:00

Zombie

Overview

A zombie is a computer connected to the Internet that has been compromised by an attacker, a computer virus, or a Trojan horse program and can be used to perform malicious tasks under remote direction. Attackers send commands to zombies through control channels and order them to send forged or junk packets to a target. The target becomes unable to respond and denies service to legitimate users. This is a common form of DDoS attack. As virtual currencies such as Bitcoin have grown in value, attackers have also begun using zombies to mine cryptocurrency.

SA can detect seven types of zombie threats. The professional edition detects all seven types, the standard edition detects five of them, and the basic edition does not support zombie detection.

Suggestion

A zombie threat is reported when SA detects that the ECS instance shows mining behavior (for example, it connects to the address of a mining pool), or that it initiates DDoS attacks or brute-force attacks. In this case the ECS instance may have been implanted with a mining Trojan horse or a backdoor program and may have become part of a botnet. The severity of this type of threat is High. You are advised to perform the following operations:

  1. Scan for and remove viruses and Trojan horses on the ECS instance. If the scanning and removal fail, disable the instance.
  2. Check whether other hosts on the subnet where the instance resides have also been intruded.
  3. Purchase HSS (Host Security Service).
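The following is an added example, not code from the SA product or its documentation. It shows a minimal triage of outbound connection records for the three indicators listed above (mining-pool traffic, DDoS flooding, and brute-force login attempts) and then lists the subnets whose other hosts should be checked (step 2). The record layout, the Stratum port list, the mining-pool name markers, and the thresholds are assumptions for illustration and are not SA's detection rules; the sample records are constructed and use documentation IP ranges.

```python
"""Triage outbound connection records from ECS hosts for zombie indicators.

Added example; the record format, port lists and thresholds are assumptions,
not SA detection rules. Sample data below is constructed.
"""
import ipaddress
from collections import defaultdict

# Assumed: ports commonly used by Stratum mining-pool servers.
STRATUM_PORTS = {3333, 4444, 5555, 7777, 14444}
# Assumed: substrings that suggest a mining-pool hostname.
POOL_NAME_MARKERS = ("pool", "stratum")
# Assumed: remote login ports targeted by brute-force attacks.
LOGIN_PORTS = {22, 3389}
# Assumed thresholds per observation window.
DDOS_SYN_THRESHOLD = 100       # SYN-only attempts from one source to one target
BRUTE_FORCE_THRESHOLD = 20     # connections from one source to login ports

# Constructed sample records: one row per (source, destination, port) flow.
# "syn_only" marks flows that never completed a handshake; "count" is the
# number of attempts seen in the window.
SAMPLE_RECORDS = [
    {"src": "10.0.0.5", "dst": "203.0.113.7", "dport": 14444,
     "dst_host": "xmr.pool.example", "syn_only": False, "count": 3},
    {"src": "10.0.0.6", "dst": "198.51.100.2", "dport": 80,
     "dst_host": "www.example", "syn_only": True, "count": 150},
    {"src": "10.0.0.7", "dst": "192.0.2.9", "dport": 22,
     "dst_host": "bastion.example", "syn_only": False, "count": 45},
    {"src": "10.0.0.8", "dst": "198.51.100.20", "dport": 443,
     "dst_host": "api.example", "syn_only": False, "count": 12},
    {"src": "10.0.0.8", "dst": "192.0.2.9", "dport": 22,
     "dst_host": "bastion.example", "syn_only": False, "count": 2},
]


def looks_like_mining(record):
    """A flow to a Stratum port or a pool-like hostname is a mining indicator."""
    host = record["dst_host"].lower()
    return (record["dport"] in STRATUM_PORTS
            or any(marker in host for marker in POOL_NAME_MARKERS))


def aggregate(records):
    """Collect per-source counters needed by the three heuristics."""
    mining_srcs = set()
    syn_by_pair = defaultdict(int)   # (src, dst) -> SYN-only attempts
    login_by_src = defaultdict(int)  # src -> attempts against login ports
    for r in records:
        if looks_like_mining(r):
            mining_srcs.add(r["src"])
        if r["syn_only"]:
            syn_by_pair[(r["src"], r["dst"])] += r["count"]
        if r["dport"] in LOGIN_PORTS:
            login_by_src[r["src"]] += r["count"]
    return mining_srcs, syn_by_pair, login_by_src


def classify(records):
    """Return {source_ip: set(of indicators)} for sources that trip a rule."""
    findings = defaultdict(set)
    mining_srcs, syn_by_pair, login_by_src = aggregate(records)
    for src in mining_srcs:
        findings[src].add("mining")
    for (src, _dst), attempts in syn_by_pair.items():
        if attempts >= DDOS_SYN_THRESHOLD:
            findings[src].add("ddos")
    for src, attempts in login_by_src.items():
        if attempts >= BRUTE_FORCE_THRESHOLD:
            findings[src].add("brute_force")
    return dict(findings)


def affected_subnets(findings, prefix_len=24):
    """Subnets containing a flagged host; their other hosts should be checked.

    The /24 prefix is an assumption; use the VPC subnet's real mask.
    """
    return {
        str(ipaddress.ip_network(f"{src}/{prefix_len}", strict=False))
        for src in findings
    }


if __name__ == "__main__":
    report = classify(SAMPLE_RECORDS)
    for src, indicators in sorted(report.items()):
        print(f"{src}: {', '.join(sorted(indicators))}")
    print("subnets to review:", sorted(affected_subnets(report)))
```

On the sample data, 10.0.0.5 is flagged for mining (Stratum port and pool-like hostname), 10.0.0.6 for DDoS (150 SYN-only attempts to one target), and 10.0.0.7 for brute force (45 connections to SSH), while 10.0.0.8 stays clean because two SSH connections are below the threshold. All flagged hosts sit in 10.0.0.0/24, which is the subnet to review in step 2. Tune the thresholds to your own traffic baseline; the port and hostname lists are starting points, not a complete indicator set.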