Zombie threat has tripled in the last three months
Written by Dan Blacharski on September 11, 2008
It’s not quite “Night of the Living Dead”, but zombies (that is, individual PCs that have been taken over by botnets) are becoming a major threat to the Internet.
According to a recent report from the Shadowserver Foundation, there has been at least a threefold increase in zombies in the past three months. The report says there are currently 450,000 computers that have been hijacked into zombie networks, up from about 100,000 in June. What’s particularly alarming about the zombie botnet phenomenon is that it is highly organized, often run by criminal rings that operate high-tech offices and function like regular companies. The criminal enterprises either use the resulting botnets for their own illegitimate commercial ventures, or create service bureaus to rent out the botnet to others.
How has the zombie threat gotten so huge? One reason is simply the lure of huge profits, causing the perpetrators to put more time, energy and research into refining their botnets. On the technical side, they “booby-trap” web sites with automatic downloads, and then try to get unsuspecting victims to surf to those sites, often through email phishing schemes. Once infected, the victim computer is used as part of a network of machines used to send spam and junk email. According to Shadowserver, the rise is due in part to the cyber-criminals concentrating their resources, and the creation of more infected web sites.
The criminals are unrelenting. When one server gets shut down, they just automatically move to the next one. Some botnets (such as Storm) use a P2P network instead of a centralized server, which further thwarts efforts to shut them down. Self-protection mechanisms have even been detected, whereby if a botnet is probed, it automatically launches an attack against the research network doing the probe. Some botnets (such as Kraken) often rely on image files to launch an attack.
While Shadowserver reports that the criminals are relying more on web attacks than on virus-laden emails to reach victims, the email threat is still significant, and strong antivirus protection measures, as well as user education, are still in order.


