When your webcam becomes a zombie

20 June 2024

Cybercriminals used the 911 S5 botnet over several years to cause billions of dollars in damage. At the end of May, the FBI, together with investigative authorities from various countries, managed to thwart the ambition of the mastermind responsible. But what is a botnet anyway? How does it work, and how do you protect yourself from becoming part of it?


Botnets weave their way through the Internet like gigantic spider’s webs: They connect computers to huge networks and instrumentalise them for their own purposes – all without the users suspecting any foul play. This is because the malware is programmed to lie dormant on a computer until it is “woken up” by a command from what is known as the bot herder. Once the malware has set itself up on a computer or smartphone, it can also infect other devices in the network, be they the Internet router, a webcam or a smart TV, and recruit them for the zombie army. According to studies, several thousand computers are hijacked every day worldwide and misused, mostly for illegal purposes. These studies also reveal that a newly connected computer can be attacked by cybercriminals just a few minutes after it goes online for the first time.


What do cybercriminals use botnets for?

Cybercriminals use zombie armies for a variety of purposes: to send spam and phishing messages, to spread viruses, or to infiltrate other devices to expand their network. Or they use them as a backdoor to access sensitive user data or to encrypt the data on the infected computers and blackmail their owners into making ransom payments.

The “Quakbot” botnet, for example, which was dismantled in Germany in 2023, caused damage to companies, authorities and healthcare systems worldwide amounting to hundreds of millions of euros. The 911 S5 botnet, whose overlord was arrested in Singapore in May, caused even greater damage than this. Among other things, it was used to send over half a million fake applications for unemployment benefits to US authorities. The damage from this campaign alone is estimated by the US Attorney General’s Office at more than 5.9 billion US dollars.

The digital zombie armies are also often hired out for money to other cybercriminals who then use them for their own purposes. Botnets are particularly often used for what are known as DDoS (“Distributed Denial-of-Service”) attacks: In such attacks, websites or servers are bombarded with requests from the hijacked computers, causing them to crash. The websites of Internet heavyweights such as Amazon, eBay and Yahoo, but also that of Germany’s Financial Supervisory Authority, have all been paralysed in this way for short periods.

The electronic zombies are also increasingly often being deployed to mine for Bitcoins or other cryptocurrencies on behalf of hackers. While the cybercriminals mine millions, the electricity bills of the affected users go up, and their computers slow down before prematurely giving up the ghost due to the strain.


How do you involuntarily get recruited for the zombie army?

Most users become infected when visiting a website or opening a dubious email attachment. However, the bots can also penetrate a computer if it is not protected by an antivirus program and a firewall. The operators of botnet 911 S5 chose a particularly perfidious path: They used freely available VPN programs that users install to surf the web anonymously or conceal their true whereabouts from websites. These programs delivered what they promised while at the same time also opening a backdoor to the botnet for the cybercriminals. 19 million computers in over 190 countries were infiltrated in this way. A page operated by the FBI explains how you can tell if you have one of these misappropriated VPN programs on your computer and how to get rid of it.


How can you protect your device from zombification?

It’s only possible to determine to a limited extent whether your computer has already been recruited for the zombie army. If your PC or Internet connection slows down, this might be a telltale sign that it has been recruited for a botnet. But this could just as well have other reasons. The most important thing to be aware of is that, if a bot is secretly slumbering on your computer and waiting for commands from the bot herder, there is no way at all to identify it. If you want to avoid getting caught in the spider’s web in the first place, then you should follow the same recommendations that apply to other forms of cybercrime:

  • Avoid dubious websites when you surf, and don’t click on questionable links or open suspicious email attachments.
  • Install a virus scanner – free basic versions are often good enough!
  • Always keep your device software up to date. Install your security updates quickly or, ideally, set them to install automatically.
  • Don’t install apps other than those offered on Google Play or the App Store. Even these can’t guarantee one hundred percent security, although they are at least always checked for malware.
  • Don’t unthinkingly confirm an app’s permission request: Does your newly installed note-taking app really need to be granted access to your contacts or send messages to fulfil its function? You should ask yourself questions like this deliberately and calmly, instead of simply clicking impatiently on “Allow access”.