10 Ways To Survive A Zombie Attack

Are You Prepared For Zombies?

In case you didn’t know, May is Zombie Awareness Month. Why May? Apparently it's because many films that highlight Zombie culture are set in the month of May, such as the classic "Night of the Living Dead" and the "Dawn of the Dead" remake. Even the Center for Disease Control, got into the act with it's tongue-in-cheek emergency planning guide to surviving a Zombie Apocalypse.

Now translate that to IT. "In the IT world the zombie apocalypse is already upon us in a very real sense – It's no coincidence that botnets are also referred to as zombie-nets for their ability to turn laptops into mindless minions for hackers," said Wade Williamson, threat analyst at Palo Alto Networks. "The plan for enterprises can mirror the CDC approach."

So here's our list of ways to survive a zombie attack. (We're talking about networks of infected computers controlled by a remote command and control server and used for malicious purposes, of course.)

Leave No Stone Unturned In Your Zombie Search

Derek Manky, senior security strategist at Fortinet, says that "zombies can be very patient pieces of code that can wait weeks or months before activating." Once they penetrate the network, Zombies can infect machines with rootkits, gaining elevated privileges that allow them to essentially control the operating system – hiding files, windows, network traffic, etc. So don't assume that a zombie isn't lurking in the shadows of your computer after a one-shot inspection. Be thorough as you inspect all traffic.

"Shine light on the shadows – zombies like to hide where you can't see them such as encrypted traffic, non-standard ports and rapidly fluxing URLs," said Palo Alto's Williamson.

And don't just rely on visual inspection or what your machine tells you. Zombies need to be headed off at the pass with gateway inspection, since packets have already been sent from a machine.

Pay Attention To The Warning Signs

You can often tell that a zombie is lurking in your machine — you just have to pay attention to the visual clues.

Zombies are created for one main purpose: to make money for their masters. One of the most popular ways of doing this is through scareware, pop-up windows that claim a user needs to purchase fake antivirus software by issuing a phony security scan. "It's a sure sign a resident zombie has downloaded this software to generate cash flow," said Fortinet's Manky.

Build Up Your Defenses

Zombies often infect unsuspecting users through vectors such as e-mail attachments, malicious links, USB drives and PDF documents. Typically, a file needs to be opened or a link needs to be followed to trigger an infection, so pay attention to links before clicking on them. Where is it taking you to? Is it a familiar site or unknown? Is the domain spelled wrong?

"At the very least confirm with the sender whether they intentionally sent the e-mail," said Hiep Dang, director of operations for McAfee Labs.

And the same goes for PDF, DOC, XLS files, which can also be exploited to spread an infection. Take a moment to examine e-mails with attachments before opening them to ensure that you either expect them or know the sender. If not, then delete, no matter how enticing it is to open that viral video of a cat playing piano. It will be worth it in the long run.

Profile The Zombies

No matter how politically incorrect you may think it is, profiling zombies is the most effective method of detection.

Despite what you may think, zombies have a habit of acting the same way in certain situations — responding the same way to the same servers on the same port — typically HTTP. If you detect a steady stream of HTTP traffic requesting the same IP address, especially if the browser isn't being used, there a good chance a zombie has infected your system.

Isolate the Zombies

It may sound cruel, but once a zombie is detected, isolate it—fast! Zombies can rapidly and easily infect other local machines on the network, so once a zombie is found, you need to quarantine the affected machine immediately until the threat has been eradicated.

"Segment and isolate!" said Wade Williamson, threat analyst at Palo Alto Networks. "Move away from the hard exterior and soft interior model. Secure segmentation between trust levels, key assets and users can keep a single breach from spreading across the entire enterprise."

Otherwise, you run the risk of infecting your entire network with malware that turns machines into mindless drones controlled by a remote command and control server for nefarious deeds. And nobody wants that.

Prevent The Zombie From Reaching Its Master

Utilizing intrusion prevention technology helps prevent zombies from invading a network, but it can also help detect zombie chatter and impede malicious communication with their creators. Even if a machine is infected with a zombie, detecting and blocking zombie traffic en route to its master is an effective way to mitigate the threat.

"Most of us spend much of our time trying to prevent zombies from getting through our defenses. However, it’s just as important to recognize the signs of Zombie-ism in case one of the walking dead does sneak through our perimeter," said Corey Nachreiner, senior network security strategist at WatchGuard Technologies. "When computers become zombies, the first thing they do is try to reach out to the rest of the zombie mob. Egress filtering can prevent this connection and it also acts as a warning sign that one of your computers is acting suspicious.


Hit 'Em From All Sides

A multi-layer threat often entails multi-layer security. That might mean deploying a unified threat management (UTM) device that houses multiple technologies under one roof, or multiple point products that create a unique security solution.

In any case, you should hit them where it hurts, with technologies that include antimalware, which blocks binary zombie code; intrusion prevention, which will help block exploit code from planting a zombie on your system via a malicious Web site; and Web filtering, which blocks malicious URLs before bad code is even sent.

Of course, anti-spam will help identify e-mails that carry malicious attachments and phishing links, and application control will help block zombie chatter, effectively cutting it off from communicating with its master.

Zombies Love Social Media

That's right. Zombies have found a tried and true attack method, almost guaranteed to give them the biggest bang for their buck. It's social media. They love it. Of the many ways there are to become infected with a zombie, social media is one of the most popular. Here, malware authors are hurling zombies about the social networking world through malicious links, videos and applications that claim to lead to something cute, or exciting, but in reality install infected code on users' computers. Yuck.

"On social media sites, do not connect with friends you do not really know. Be wary of what applications you install," said Hiep Dang, director of operations for McAfee Labs.

While it may not be absolutely foolproof, reduce your risk of becoming a zombie target by avoiding friend requests from users you don't know, and not going berserk on the application downloads.

Stay Away From Bad Neighborhoods

Like various other spooks, zombies loves to hang out in dodgy neighborhoods. Some of the shady hangouts you'll find them in are largely unregulated peer-to-peer file sharing sites, as well as the obvious places, such as porn and gambling sites.

As such WatchGuard's Nachreiner recommends implementing a cloud reputation authority to determine what neighborhoods to avoid.

"Visiting new places can be dangerous when zombies are taking over the world. Being the new kid in town, you don’t really know which areas of town are safe and which have been overrun by rotting corpses," Nachreiner said. "Having access to a cloud reputation authority allows you to ask an expert whether or not the place you intend to visit is an infection zone, thus preventing you from entering a place from which you cannot escape."

Don't Let Them Guess The Passwords

Once your computer is turned into a zombie, keyloggers and other data-stealing malware will give the command and control center access to pretty much every piece of information you enter on your machine, including login credentials such as usernames and passwords.

Even if malware is detected and eliminated, the bot masters still will have any original login credentials they initially swiped, which gives them full access to an array of accounts such as e-mail, banking and other financial accounts, social networking as well as a plethora of retail sites such as Amazon and eBay.

Don't give them the satisfaction. McAfee Labs' Hiep Dang advises that users should regularly change passwords on all of their accounts, and try to use as many unique passwords as possible for each account, to prevent malware authors from conducting brute force attacks that can rapidly guess dictionary word logins.