Though the name zombie may seem to suggest that the infected computer is now useless, this is not the case. Most zombies display no outward sign of being infected except perhaps running more slowly, which means worms can easily go unnoticed.

Depending upon its programming, the worm will generally direct the host computer to perform a limited set of actions testing the host’s Internet connection, downloading updated versions of its software, and contacting the botnet controller to let it know it has successfully established itself. Some worms then send out copies of themselves to connected networks, effectively reproducing and expanding the botnet at a rapid rate.

At the direction of the botnet controller, the bots can be told to contact a specific Web site en masse, pinging it until the site is shut down from Internet traffic overload. Intentionally overloading a site until it slows or shuts down is called a distributed denial of service DDOS attack. DDOS attacks have become a major way that botnets are used to create revenue for botnet controllers also called botherders, through the extortion of Web site owners to avoid being shut down by a DDOS attack.

