SMARTER WAVE OF WEB ZOMBIES STEPS UP

Washington
Financial Chronicle

In a windowless room on the Microsoft campus here, T. J. Campana, a cybercrime investigator, connects an unprotected computer running an early version of Windows XP to the Internet. In less than a minute the computer is ‘‘owned.’’ An automated program lurking on the Internet has remotely taken over the PC and turned it into a ‘‘zombie.’’ That computer and other zombie machines are then assembled into systems called ‘‘botnets’’ — home and business PCs hooked together into a vast chain of cyber-robots that do the bidding of automated programs to send the majority of e-mail spam, to illegally seek financial information and to install malicious software on still more PCs. Botnets remain an Internet scourge.

Active zombie networks created by a growing criminal underground peaked last month at more than half a million, according to shadowserver.org, an organization that tracks botnets. Even though security experts have fought the botnets down to about 300,000 networks, that is still twice the number detected a year ago.

The actual numbers may be far larger; Microsoft investigators, who say they are tracking about 1,000 botnets at any given time, say the largest network still controls several million PCs.

‘‘The mean time to infection is less than five minutes,’’ said Richie Lai, who is part of Microsoft’s Internet Safety Enforcement Team, a group of about 20 researchers and investigators.