Date Added: May 2009
Compromised machines are one of the key security threats on the Internet; they are often used to launch security attacks such as DDoS, spamming, and identity theft. In this paper the authors address this issue by investigating effective solutions to automatically identify compromised machines in a network. Given that spamming provides a key economic incentive for attackers to recruit large numbers of compromised machines, they focus on the subset of compromised machines that are involved in spamming activities, commonly known as spam zombies. They develop an effective spam zombie detection system named SPOT, which works by monitoring the outgoing messages of a network.