If you thought you knew your computer, think again.
Without your knowledge, it may be turning into a rampaging zombie at night, brutally attacking helpless servers.
-
This is no fantasy.
Computers around the world are being infected with viruses that turn them into what the security world calls zombies.
The virus can arrive via email, inside an installation package for an innocent-looking game, or — most commonly — embedded in pirated content available for free download on the internet.
Once a computer is infected, it joins a network of other compromised machines, and together they form a **botnet** — a network of bots waiting for commands from its operator.
-
The classic use of a botnet is to launch **Distributed Denial-of-Service (DDoS)** attacks.
A client on the dark web hires the botnet operator, who then unleashes the bot network against a specific internet address with a massive flood of requests, until the targeted server collapses.
The most interesting part of the story, however, is the way the operator controls the bots and sends them commands.
-
DNS servers are used to resolve domain names into IP addresses — a fascinating topic for another time.
They contain various types of records, including **TXT records**, which are typically used to verify domain ownership.
From the operator's point of view, the advantage of a TXT record is that it is completely public: anyone on the internet can read it without authentication.
The virus that turns a computer into a botnet node causes it to periodically query the TXT records of a specific domain and read their contents.
To activate the network of infected machines, the operator creates a TXT record containing the attack command and the address of the target server. The computers in the network read the command from there and proceed to attack.
-
The advantage of this method is that the operator never has to communicate directly with the machines in the botnet, which would otherwise be an extremely complex technical challenge.
The drawback is that up-to-date antivirus systems have learned to recognize this behavioral pattern: an unexplained query for a TXT record is a strong indicator of a botnet command-and-control operation.
And this is just one more example of the ongoing battle of wits in the world of cybersecurity. Every sophisticated attack drives the development of a corresponding defense, which in turn spurs an even more sophisticated attack — and so the cycle continues.
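The behavioral pattern described above, one machine periodically querying the TXT records of the same domain, can be spotted in DNS query logs. The following Python code is an added example, not part of the original article; the log format, the constructed sample lines, the thresholds and the names `parse` and `find_txt_polling` are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (assumed format): ISO timestamp, client IP, query type, query name.
SAMPLE_LOG = """\
2024-05-01T02:00:00 10.0.0.23 TXT cmd.botnet.example
2024-05-01T02:00:07 10.0.0.23 A www.example.org
2024-05-01T02:05:01 10.0.0.23 TXT cmd.botnet.example
2024-05-01T02:09:58 10.0.0.23 TXT cmd.botnet.example
2024-05-01T02:15:02 10.0.0.23 TXT cmd.botnet.example
2024-05-01T02:20:00 10.0.0.23 TXT cmd.botnet.example
2024-05-01T02:01:10 10.0.0.5 TXT example.org
2024-05-01T02:01:12 10.0.0.5 TXT example.org
2024-05-01T02:47:03 10.0.0.5 TXT example.org
2024-05-01T03:30:00 10.0.0.5 TXT example.org
2024-05-01T03:31:00 10.0.0.5 TXT example.org
not-a-timestamp 10.0.0.9 TXT example.net
"""

def parse(log):
    """Yield (timestamp, client, qname) for each well-formed TXT query line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "TXT":
            continue  # skip other record types and malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # skip lines with an unparseable timestamp
        yield ts, parts[1], parts[3].rstrip(".").lower()

def find_txt_polling(log, min_queries=5, max_jitter=0.1):
    """Return {(client, qname): mean interval in seconds} for evenly spaced TXT polling."""
    seen = defaultdict(list)
    for ts, client, qname in parse(log):
        seen[(client, qname)].append(ts)
    flagged = {}
    for key, times in seen.items():
        if len(times) < min_queries:
            continue  # too few queries to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: a low value means evenly spaced, timer-driven queries.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged[key] = round(avg)
    return flagged
```

On the sample log, only the machine that asks for the same TXT record every five minutes is flagged. TXT lookups also have legitimate uses such as the domain verification mentioned earlier, so the regular repetition is what stands out, not a single query.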