ARN

Study: AOL leads ISPs in "zombie" computer infections

John E. Dunn (Techworld.com)  20 June, 2005 07:24:42

AOL is the global network most infected with "zombie" PCs, according to a new study.

Prolexic has spent the last six months compiling information on the zombie problem from real-world denial-of-service attack attempts generated by the hijacked machines. AOL accounted for 5.3 percent of all infections, with Deutsche Telekom (t-ipconnect.de and t-dialin.net) in second place with 4.67 percent, and Wanadoo third with 3.27 percent.

The most infected countries as a percentage of the total detected were the U.S. (18 percent), China (11.2 percent), Germany (9.6 percent), the U.K. (5.1 percent) and France (5.1 percent). However, calculating zombie numbers on a per capita basis, the most infected countries turned out to be Hong Kong, Germany, Malaysia, Hungary, and the U.K., in that order.

"It shouldn't be a surprise to find that some of the most high profile Internet Service Providers (ISPs) are most susceptible to providing a safe haven for large numbers of zombie PCs," commented Prolexic CTO Barrett Lyon. "It is these networks which are continually being exploited to support large scale DDoS attacks."

"Just because a home user subscribes to a reputable brand doesn't mean they're safe from the online criminal fraternity," he said.

AOL has since defended itself by pointing out that it is by some way the largest ISP, and that the number of zombies on its network is actually low in relation to the total number of its subscribers.

Prolexic was at pains to emphasize that its zombie data was culled from attempted real-world attacks, not from traffic to research honeypots, which some use to estimate zombie incidence. Since the company's business is selling "clean pipe" Internet connections, the assumption is that the data comes from attacks attempted against customers behind its own network.

The company said it had seen a shift in the way zombies were being used for DDoS attacks in recent months. Rather than spoofed-source packet floods, attackers now favored the "full connection based flood", in which each zombie completes a real TCP connection to the target, so its genuine IP address is visible to defenders. Such a brute-force approach could still work because the sheer number of distinct addresses, each sending only a modest amount of traffic, could overload per-address blacklisting systems.
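The failure mode described above, as an added example that is not part of the article or of Prolexic's products: a constructed connection log in which one legitimate client and a few hundred zombie addresses (RFC 5737 documentation ranges) each complete only a handful of TCP connections. A per-source blacklist with a threshold just above the per-zombie rate sees nothing, a lower threshold qualifies more addresses than its table can hold, while a window-level detector that counts distinct sources and total connections flags the flood without needing to name any single address. The log format, thresholds and table capacity are assumptions for illustration.

```python
"""Per-source blacklisting vs. aggregate detection of a full-connection flood.

Added example; not from the original ARN/Techworld article and not Prolexic code.
Log format is constructed: one line per completed TCP connection,
"<epoch-seconds> <src-ip> <dst-port>".
"""
from collections import Counter, defaultdict


def build_sample_log(zombies=200, per_zombie=3, window=10):
    """Constructed sample: one legitimate client connecting every 5 s, plus
    `zombies` distinct addresses each completing `per_zombie` connections
    spread across a `window`-second interval starting at t=1000."""
    lines = [f"{1000 + t} 198.51.100.7 80" for t in range(0, window, 5)]
    nets = ["203.0.113", "192.0.2"]          # RFC 5737 ranges, up to 508 hosts
    for z in range(zombies):
        ip = f"{nets[z // 254]}.{z % 254 + 1}"
        for k in range(per_zombie):
            lines.append(f"{1000 + (z + k) % window} {ip} 80")
    return lines


def parse_log(lines):
    """Parse log lines into (timestamp, src_ip, dst_port) tuples."""
    events = []
    for line in lines:
        ts, ip, port = line.split()
        events.append((int(ts), ip, int(port)))
    return events


def per_source_blacklist(events, threshold, capacity):
    """Classic per-address blacklisting: any source completing more than
    `threshold` connections is added to a table holding at most `capacity`
    entries. Returns (blacklist, number of qualifying sources that did not fit).
    Because the sources really did complete the handshake, the addresses are
    genuine; the problem is purely their number."""
    counts = Counter(ip for _, ip, _ in events)
    offenders = [ip for ip, n in counts.items() if n > threshold]
    blacklist = set(offenders[:capacity])
    return blacklist, max(0, len(offenders) - capacity)


def aggregate_alert(events, window, max_sources, max_conns):
    """Window-level detector: bucket connections by `window` seconds and flag
    any bucket whose distinct-source count or connection total exceeds the
    baseline. It never has to enumerate or store the offending addresses."""
    by_window = defaultdict(list)
    for ts, ip, _ in events:
        by_window[ts // window].append(ip)
    alerts = {}
    for w, ips in sorted(by_window.items()):
        distinct = len(set(ips))
        if distinct > max_sources or len(ips) > max_conns:
            alerts[w] = (distinct, len(ips))
    return alerts


if __name__ == "__main__":
    ev = parse_log(build_sample_log())
    print("threshold 3, capacity 50:", per_source_blacklist(ev, 3, 50))
    print("threshold 2, capacity 50:", per_source_blacklist(ev, 2, 50))
    print("aggregate:", aggregate_alert(ev, 10, max_sources=20, max_conns=100))
```

With the defaults, a threshold of 3 connections per source blacklists nobody (each zombie makes exactly 3), a threshold of 2 qualifies all 200 zombies but only 50 fit in the table, and the aggregate detector flags the single 10-second window with 201 distinct sources and 602 connections. The practical lesson is the one the article makes: once attackers stop spoofing, the defence has to move from naming sources to measuring the crowd.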
