zombie is a computer connected to the Internet that a hacker, computer worm, virus, Trojan horse program, or other similar malware has compromised. It’s mainly used to perform malicious commands under the remote direction of the hacker. Zombie computers often belong and coordinate together with a botnet controlled by a hacker and are used for illegal online activities, such as spreading spam emails and directing distributed denial-of-service attacks (DDoS attacks).

Most users are unaware that their machine has become a zombie computer. This concept is inspired by the zombies of Haitian Voodoo folklore, which is perceived as a corpse resurrected by a sorcerer and enslaved to their commands.


Table of Contents




Zombie computers were known to be used in email spam; in 2005, an estimated 50-80% of all spam globally was sent by zombie computers. Hackers benefit from this by making themselves virtually invisible from law enforcement and significantly reducing bandwidth costs since most owners of infected computers still pay for their internet bills.

Widespread spam also caused the emergence of Trojan horses since Trojan horses are not self-replicating. They rely on the movement of emails to grow, compared to computer worms, which can spread in various ways. Zombies are also used for other scams, like click fraud displaying pay-per-click (PPC) advertising, phishing, and money mule recruitment.


Distributed Denial-of-Service Attacks

Zombies can be used to do activities like distributed denial-of-service (DDoS) attacks, a term that refers to the orchestrated flooding of target sites by large numbers of computers at once. The simultaneous requests made by these computers cause overwhelming traffic on the website’s server, causing it to crash and preventing legitimate users from accessing the site.

Another variation of DDoS attacks is distributed degradation-of-service (DoS) attacks. It’s the moderated and periodic flooding of target websites, leading to slow server responses. DoS attacks are made instead of the typical DDoS since the latter can be quickly detected and stopped, while DoS attacks done by pulsing zombie computers have long-term effects that can go unnoticed for long periods.

The most famous DDoS and DoS attacks done in the past were against the Blue Frog service in 2006 and the Spam Prevention Early Warning System (SPEWS) service in 2003. In 2000, a hacker by the codename “MafiaBoy” was infamous for conducting DDoS attacks on mainstream sites like Yahoo, Amazon, CNN, eBay, and a few others.



In 2009, similar botnet capabilities also emerged for smartphones. One of the most notable worms was the Sexy Space text message worm, the first botnet-capable worm in the world. It specifically targeted devices with the Symbian OS in Nokia smartphones. Users in the United Arab Emirates were also targeted by the Etisalat by e& Blackberry spyware program.