
AOL tops zombie league

Web giant’s customers account for highest number of infected PCs

AOL is the global network most infected with 'zombie' PCs, according to a study.

US internet security company Prolexic has spent the past six months compiling data on DoS (denial-of-service) attacks generated by hijacked machines. AOL accounted for 5.3 percent of all infections, with Deutsche Telekom in second place (4.67 percent) and Wanadoo third (3.27 percent).

The most infected countries as a percentage of the total detected were the US (18 percent), China (11.2 percent), Germany (9.6 percent), the UK (5.1 percent) and France (5.1 percent). However, calculating zombie numbers on a per capita basis, the most infected countries turned out to be Hong Kong, Germany, Malaysia, Hungary and the UK, in that order.

"It shouldn't be a surprise to find that some of the most high-profile ISPs are most susceptible to providing a safe haven for large numbers of zombie PCs," said a Prolexic spokesperson. "It is these networks which are continually being exploited to support large scale DoS attacks."

"Just because a home user subscribes to a reputable brand doesn't mean they're safe from the online criminal fraternity," he said.

AOL pointed out that it is by some way the largest ISP, and that the number of zombies on its network is low in relation to the total number of its subscribers.

Prolexic was at pains to emphasise that its zombie data was culled from attempted real-world attacks, and not traffic to research honeypots. The company's business is in selling clean pipe web connections, so the assumption is that the data comes from attempts through its own network.

Prolexic said it had seen a shift in the way zombies were being used for DoS attacks in recent months. Attackers now favoured full connection-based floods, in which real IP addresses were apparent to the defenders. Such a brute-force approach may still work because the sheer number of addresses could overload blacklisting systems.

