Do you know what your computer was doing the other night?
That's the question a lot of security professionals and analysts would like to put to users. On Tuesday, the 13 servers that help manage worldwide Internet traffic were hit by a denial-of-service attack that nearly took down three of them. Analysts say the hackers used possibly millions of zombie computers to wage the attack -- and they expect that army is populated with the desktops and laptops of unknowing users around the world.
"Individuals have contributed to this problem without knowing it," says Graham Cluley, a senior technology consultant with Sophos. "People heard about hackers doing these things, but guess what? It may have been your computer doing part of the hacking. ... People need to take more responsibility over the cleanliness of their PCs."
The roots are central machines on the Domain Name System. They're akin to directory assistance for the Internet, explains Zully Ramzan, a senior researcher at Symantec Security Response. The system converts the URLs into numeric addresses, which are then used to route traffic from one computer to another. If the root servers had been taken down for a significant amount of time, it could have crippled Internet traffic. That wasn't close to happening on Tuesday.
While they're referred to as the 13 root servers, there are many more computers involved. Each so-called server actually refers to an IP address, which can front many computers. Alan Paller, director of research at the SANS Institute, says they don't generally discuss how many computers are involved as a security precaution.
"The strength of those systems has to do with the number of those machines behind them," says Paller. "People don't know about this infrastructure, so it's hard to attack. It's one little window into a house with 50 rooms. You peek into the window and you can't see those 50 rooms. And that's good."
Analysts say the three root servers that were so greatly affected in Tuesday's attack most likely were standalone servers. The other 10 had multiple machines behind them, which most likely helped them fare better during the attack.
When Zombies Attack
Starting at 5:30 a.m. EST on Tuesday, hackers launched a full-scale denial-of-service attack on the root servers. It was the largest one since an October 2002 attack that took down many of the roots. Three of the servers were nearly overloaded by the attack, but they didn't go down. They did, however, go into a brownout state, in which their response time was slowed.
It was a distributed attack, with the root servers getting hit with information from all around the world, says Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center, a cooperative cyberthreat monitoring and alert system. He adds that hackers must have used a huge botnet -- possibly made up of millions of zombie computers.
A zombie is created when a hacker infects a computer with malware that opens a virtual door in the machine, allowing the hacker to remotely control it. Hackers infect as many computers as they can and create armies of them -- or botnets -- that they then use to launch denial-of-service attacks or to send out spam.
Ullrich says the Internet Storm Center tracks about a million infected systems a day, and he figures that represents only 10% of the infected systems out there.
Even though this week's attack was nearly as strong as, and even more sophisticated than, the 2002 attack, the 13 servers remained up and running, and users around the world didn't notice a thing. Industry watchers say that's because the technical people who tend these servers, which are located around the globe, have spent the last four years increasing their capacity as well as their security arsenals.
"If you ask any kind of company if they had been subjected to an attack like that, they probably wouldn't be able to stay online," says Ullrich. "They are constantly tinkering on the security on these root servers. They're constantly getting some kind of attack. There have been studies showing that a minority of the traffic they receive is valid traffic."
The root servers stood up so well to the attack because the people who manage them have been expecting the likes of it for years, says Sergey Bratus, a senior research associate with the Institute for Technology Studies at Dartmouth College.
"The possibility of the attack was seen a while ago and that's why these servers were so distributed," says Bratus, who notes that 12 organizations, including the U.S. Department of Defense and the University of Maryland, run the servers. "The idea was to build a network that would remain up even if several nodes are physically destroyed by, say, a nuclear strike. When the Internet was developed, there was a concern that they needed an underlying architecture that would keep the communications running even if there was something major."