ESET Reviews the Scariest Zombie Botnets and Offers Online Tips for Halloween

30 October 2017

With Halloween here, ESET researchers once again have the safety of online users on their minds. So what should web surfers steer clear of on this day? And what, according to ESET, is the scariest zombie malware out there? ESET researchers offer security tips and take a look at the scariest zombie botnets.


ESET’s Germany-based researcher Raphael Labaca Castro has put together four golden tips to take the “scary” out of your online adventures this Halloween:

  • Be careful with e-mails with a Halloween subject. Halloween, like many other noteworthy dates and events, is used by attackers for social engineering: to convince you that their e-mails are harmless when they are actually malicious. If you were not expecting the e-mail, it is a good idea simply not to open it.
  • Update your AV solution. If you don’t have one, install one. The “I know what I am doing on the Internet and don’t need protection” defense and the “I use a secure platform” defense are myths. Threats like drive-by downloads can exploit a vulnerability in your browser as soon as you visit a page, without your ever clicking anything on it. And at Halloween we might see a rise in these kinds of attacks.
  • Set updates on your software to “automatic”. The time when you sit in front of your computer and perform all updates manually is close to never, so the next best thing is to have updates installed automatically. Remember that all software should be updated, not only the OS, browsers and AV. PDF readers, Java, Office and video players are also key to keep up to date. So, that makes it everything!
  • When searching for Halloween in Google, Bing or Yahoo, be aware that some attackers use techniques known as BlackHat SEO to bump up the ranking of infected sites, so as to increase the likelihood that you will click on them. In addition, they sometimes compromise legitimate websites, which makes malicious results even harder to spot. So, first pay attention to the source you are clicking on, and second, with an up-to-date anti-malware solution you should be able to detect these threats.

Also, take some hints on what else you could encounter from ESET North America researcher Lysa Myers, who looks at the Top 5 Scariest Zombie Botnets in her recent piece on ESET WeLiveSecurity.

“A 'zombie' is a machine that has been infected with a certain type of remotely controlled malware. … A network of zombies is a bit like post-apocalyptic infection scenarios in the movies. Some of these things are virtually un-killable – there always seems to be that last undead creature lurking in the shadows, ready to start the next wave of trouble. Here is a list of the five zombie networks that gave me, and many of the other researchers helping to try to stop them, the creeping willies,” says Myers.


The following are the top five zombies on her list:

  1. Storm - This is the oldest malware on our list. It had some of the first early successes in using some of the tactics that would later be used by other botnets. It was massive, gaining as many as ten million Windows machines at its zenith. It was also one of the first incredibly large botnets that was used for the financial gain of its authors.
  2. Conficker - At its height, Conficker had infected many millions of Windows machines: some figures say as many as 15 million. In the movies, when a threat is overwhelming our way of life, a group of specialists must be formed to take down the enemy. This was no different: the flood of infections was so great that the Conficker Working Group was created to fight it. However, there are still over one million computers affected worldwide, six years after it was first discovered.
  3. Zeus - This malware had not only a successful botnet on Windows machines, but it had a component that stole online banking codes from a variety of infected mobile devices (Symbian, Windows Mobile, Android and Blackberry). In 2012, the US Marshals and their tech-industry partners took down the botnet. But the original authors took pieces of their original creation and brought it back to life as GameOver Zeus, which the FBI and its partners took down this summer. But that was not the end of this beast: its creators are once again rebuilding their zombie network. And remember Cryptolocker, which had us losing so much sleep last year? This threat was being spread by Zeus variants.
  4. Flashback - For folks who thought that “Macs don’t get viruses”, Flashback was a bit of a shock. But Macs can and do get malware – infected machines became part of a massive botnet. Flashback got a huge percentage of the total number of Apple machines worldwide, with over 600,000 infected at its peak. The botnet now sits abandoned.
  5. Windigo - On the surface, this bot appears like so many others: it steals credentials from infected machines, or uses their processing power to send spam. And with only a few tens of thousands of infected machines at its peak, this threat would hardly seem to qualify with the likes of the rest of the botnets on this list. But on the other hand, the authors of this malware seem to have grown their zombie army very slowly, such that they managed to stay under the radar for quite some time. And those tens of thousands of machines are Linux machines, mostly servers, and many of these infected machines host websites that millions of people visit.

For more on Top 5 Scariest Zombie Botnets visit ESET WeLiveSecurity.com.