Kill Bots
This information was derived from an article entitled "Kill the Bots," on page 82 of the May 2005 issue of
Technology Review.
Malicious computer worms infect more than 30,000 new computers each day to send spam or access specific websites. If
enough infected computers, called "zombies," attack a web server, the message influx can bring it down. Such events are
called Distributed Denial-of-Service (DDoS) attacks.
Zombies sidestep a web server's defenses by disguising themselves as legitimate users. The sheer volume of bogus
messages overloads the server, preventing access by authentic users.
Such an attack took down the majority of web servers in Tallinn, Estonia, in 2007. In that episode, the government of
Estonia called in a group of web experts from around the world to solve the problem. Zombie messages came from
computers all over the world, especially from South America. The source was determined to be Russia.
In a (possibly) unrelated event, a few months later, the owner of a Russian spamming company was murdered. No suspects
were ever found, but some say it may have been an internationally sanctioned hit by the intelligence arm of some other
country.
Researchers at MIT, Princeton University, and Akamai Technologies have developed Kill-Bots, which can distinguish
between Zombie and real messages. Kill-Bots are a software modification to a server's operating system that remains
dormant until a wave of traffic is detected. At that time the Kill-Bot software is launched and forces senders to solve
a graphical puzzle before server access is granted. Humans can solve the puzzles easily, but Zombies cannot solve
them at all. Sites that continuously send messages without solving the puzzle are automatically blocked. When incoming
traffic drops to normal levels, the Kill-Bot software stops issuing puzzles. However, blocked sites are not
automatically unblocked.
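
The behavior described above can be modeled as a small state machine. The sketch below is an added example, not code from the article or from the Kill-Bots researchers. The class name, the rate thresholds, the unsolved-puzzle limit, and the sender addresses are all assumptions, and puzzle solving is reduced to a flag on the request.

```python
from collections import defaultdict

class KillBotGate:
    """Toy model of the admission logic described above (thresholds assumed)."""
    def __init__(self, attack_rate=100, normal_rate=50, max_unsolved=3):
        self.attack_rate = attack_rate    # requests per interval that wake the gate
        self.normal_rate = normal_rate    # requests per interval treated as normal
        self.max_unsolved = max_unsolved  # unanswered puzzles tolerated per sender
        self.puzzle_mode = False          # dormant until a traffic wave is seen
        self.unsolved = defaultdict(int)
        self.blocked = set()

    def observe_load(self, requests_in_interval):
        """Switch puzzle mode on or off from the measured request rate."""
        if requests_in_interval >= self.attack_rate:
            self.puzzle_mode = True
        elif requests_in_interval <= self.normal_rate:
            # Puzzles stop, but the block list is deliberately left intact.
            self.puzzle_mode = False

    def handle(self, sender, solved_puzzle=False):
        """Return 'serve', 'puzzle' or 'drop' for one request."""
        if sender in self.blocked:
            return "drop"
        if not self.puzzle_mode:
            return "serve"
        if solved_puzzle:
            self.unsolved[sender] = 0
            return "serve"
        self.unsolved[sender] += 1
        if self.unsolved[sender] > self.max_unsolved:
            self.blocked.add(sender)
            return "drop"
        return "puzzle"

def simulate():
    """Replay a constructed attack and return each decision in order."""
    gate, log = KillBotGate(), []
    human, zombie = "192.0.2.10", "198.51.100.7"    # constructed sample senders
    log.append(gate.handle(human))                  # dormant: served directly
    gate.observe_load(500)                          # traffic wave detected
    log += [gate.handle(zombie) for _ in range(5)]  # never solves a puzzle
    log += [gate.handle(human), gate.handle(human, solved_puzzle=True)]
    gate.observe_load(20)                           # traffic back to normal
    log += [gate.handle(human), gate.handle(zombie)]
    return log

if __name__ == "__main__":
    print(simulate())
```

The last two decisions show the point made in the final sentence above: once traffic is normal the human is served without a puzzle, while the blocked sender is still dropped.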