FTC launches war on zombie nets

By deepsand ·
Thursday, June 9, 2005


By Bob Francis

Posted June 03, 2005 5:00 AM Pacific Time

Give the Federal Trade Commission some credit: It has some marketing skills. "Operation Spam Zombies" got plenty of play recently both because it is a good idea and because the name attracted a lot more attention than it would have if it were, say, "Operation Computer Spring Cleaning." Yawn.

Seriously, the FTC had a program a year or so ago called Operation Secure Your Server. I'm sure you recall that.

Aside from its attention-grabbing name, Operation Spam Zombies appears to at least have some strategy behind it. The program is a worldwide effort to educate ISPs about the dangers of botnets and their role in the spread of spam.

The FTC has the lead in the U.S., but 20 other countries have also signed on to send information to more than 3,000 ISPs around the world in an effort to disable destructive botnets. The committed countries are already members of the London Action Plan, an international coalition working to prevent spam. Among those signed up are Canada, Denmark, Germany, Ireland, Japan, the Netherlands, Taiwan, the United Kingdom, and the United States. The missing piece so far is China, the new King of the Zombie PCs, according to several recent surveys. But working together, that's a start.

Botnets, or zombie networks, are groups of computers infected by malware; the malware controls the infected PC and uses it to send spam or launch DDoS attacks. You know that mail from "eBay" popping in every day asking you to "update your account" and, oh by the way, send credit card information along with it? That was probably sent courtesy of a botnet to make it more difficult to track the e-mail back to its annoying originator.

A recent survey by anti-spam company CipherTrust estimates that 350,000 PCs a month are being recruited into this zombie army. Other surveys suggest there are millions of PCs worldwide that can generate spam or create DDoS attacks. Researchers from the Honeynet Project tracked more than 100 active botnets, including one containing 50,000 compromised zombie machines. That's quite an army of undead.

According to the FTC, the anti-zombie education program consists primarily of a letter sent to ISPs. The letter recommends that the ISP proactively identify the computers on its network sending above-average numbers of e-mail messages and then find out whether the computers are being used as zombies. The letter suggests that infected machines be quarantined until the zombie software can be purged.

OK, a letter is probably somewhat less threatening than George Romero's zombie eradication recommendation in "Night of the Living Dead." But then, if you recall, that didn't work out so well either.

If you want to keep tabs on the zombie war, check out CipherTrust's Web site and download the Zombie Meter, which tracks worldwide zombie activity in real time.

If you'd rather not wait on the FTC's letter striking fear into the hearts of the heartless zombie masters, you can look for companies such as CipherTrust, IronPort, and Symantec, which offer network appliances aimed at keeping your computers zombie-free. Other companies, such as Postini, offer mail-filtering services. And Avinti recently introduced iSolation Server 2.0, which uses virtual-machine technology to test for behavior in an e-mail and identify viruses for which there is no known pattern or signature.

Sophos offers software and services to avoid the zombie curse. It also publishes a monthly virus report, so let's check the charts: The top three computer viruses in May were the W32/Sober-N worm (43.8 percent of reports), followed by the W32/Zafi-D (14.5 percent) and the W32/Netsky-P (13.1 percent).

"In May we saw a lot of activity surrounding Sober-N as it cunningly climbed the chart by using social engineering tricks, such as offering free World Cup tickets, to lure recipients into opening the infected attachment," said Gregg Mastoras, senior security analyst at Sophos.

The bilingual Sober-N worm, which typically poses as an offer for tickets to the 2006 World Cup in Germany, was detected at the beginning of the month and rapidly spread across 40 countries. Here's the part I find stunning: It accounted for 4.5 percent of all e-mail. Four-point-five percent! That's a lot of soccer fans and a lot of potential zombies.

Bob Francis is a senior writer at InfoWorld.
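The volume check the FTC letter describes, as an added example that is not code from the article, the FTC or anyone in the thread: it tallies outbound port-25 connections per host from constructed flow summaries, flags hosts far above a robust network-wide baseline, and skips customers on a declared mail-server allowlist (the sample data, the record layout and the allowlist are all assumptions).

```python
from collections import Counter
from statistics import median

# Constructed sample of outbound flow summaries (an assumption about format):
# "<source IP> <destination port> <connection count>", one per line.
SAMPLE_FLOWS = """\
10.0.0.11 25 3
10.0.0.12 25 2
10.0.0.13 443 40
10.0.0.14 25 1
10.0.0.15 25 4
10.0.0.16 25 1850
10.0.0.17 25 2
10.0.0.18 25 2
10.0.0.19 25 960
10.0.0.20 25 3
"""

# Customers who declared a real mail server and asked for a port-25 exception.
KNOWN_MAIL_SERVERS = frozenset({"10.0.0.19"})


def smtp_counts(flow_text):
    """Sum outbound TCP/25 connections per source host; other ports are ignored."""
    counts = Counter()
    for line in flow_text.splitlines():
        src, dport, n = line.split()
        if dport == "25":
            counts[src] += int(n)
    return counts


def flag_zombie_candidates(counts, allowlist=frozenset(), k=10, min_abs=100):
    """Return (host, count) pairs above the network baseline, busiest first.

    The baseline is median + k * MAD rather than mean + k * stdev: a couple
    of zombies sending thousands of messages inflate the mean and stdev so
    far that they mask themselves, whereas median and MAD stay anchored on
    the quiet majority. min_abs keeps a near-silent network from flagging a
    host that merely sent a handful more messages than its neighbours.
    """
    values = list(counts.values())
    if not values:
        return []
    med = median(values)
    mad = median(abs(v - med) for v in values)
    threshold = max(med + k * mad, min_abs)
    flagged = [(h, c) for h, c in counts.items()
               if c > threshold and h not in allowlist]
    return sorted(flagged, key=lambda hc: hc[1], reverse=True)
```

Hosts it returns are candidates for the follow-up the letter describes (confirm infection, then quarantine), not proof of compromise on their own.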

All Comments

It's Zombie WAR!!! Day of the Dead Computers!

by Dr Dij In reply to FTC launches war on zombi ...

Strike 'em hard with those LETTERS!!!

(Since a UN resolution telling zombifiers to stop would be ineffective of course!)

Keep the internet safe for grandparents and kids

In all seriousness, I think we need to make securing computers easier for the clueless. Also ISPs might require certain software and/or config to connect if customer is zombified.

I know that's a long shot but may be essential in the long term. Biz would not think of hooking up to net without firewall, etc. (tho some do)


The best defense is a strong offense.

by deepsand In reply to It's Zombie WAR!!! Day o ...

A defense that relies solely on fortifying the targets a) is resource intensive, b) does nothing to get non-productive traffic off the channels, and c) is a reactive approach that does nothing to avert attacks via new vectors.

Without the active co-operation of the communications industry in general, and the ISPs in particular, we are doomed to forever trying to hide, each within his own armor.


Retaliation
by jmgarvin In reply to The best defense is a str ...

Let the user retaliate. Let vigilante groups form. I'm dead tired of all the zombies and unsecured computers on the broadband "LANs." I'm tired of being port scanned by johnny script kiddie and I want to bring him to his knees.

/old guy "get off my lawn" rant


OM rule.

by deepsand In reply to Retaliation

Yup; the kiddies got no respect for we OM, that's for sure.

Were it not for the fact that Adelphia might retaliate against some of my clients for violating their Terms of Service (ToS), I'd launch counter-strikes against the zombies on their loops. Given that they're on 24/7, so that even if they have a dynamic IP address it remains theirs forever, they're real easy to find.

If a simple software firewall can ID them, why can't & doesn't Adelphia shut them down for violating the ToS?


I agree ISP need to do something

by Dr Dij In reply to The best defense is a str ...

I just didn't think letters will do anything, but are probably a necessary requisite to passing law or industry best policy self policing, cooperation.


Nobody ever listens to me

by Roger99a In reply to FTC launches war on zombi ...

I've been saying it for months. ISP's should limit access to port 25 and this problem would slow to a crawl.


by antuck In reply to Nobody ever listens to me

Actually, SBC in the Chicago area, not sure if they did it elsewhere, blocked port 25. The problem came from people using their own domains who suddenly couldn't get email and had to go through SBC servers. This wouldn't have been so much of a problem had they let the users know beforehand. But suddenly one day emails stopped flowing.



by Dr Dij In reply to

You can ask for exceptions.
Since zombified PC users are unlikely to ask, as the real owners are not triggering the spam,
the zombie lords will just move on to the next PC.


I ask why

by Roger99a In reply to

Cox internet did it to me, too, but I think it was more of a ploy to get another $30/month out of me for a commercial account. I know they didn't do it over their whole network because I still get viruses and spam from their DHCP clients.



by antuck In reply to FTC launches war on zombi ...

I love the use of WAR in everything nowadays. We have the war on drugs, war on terrorism, war on zombie computers and the war on common sense. I keep picturing a special ops team crashing in and taking out the bad guys. So far I've seen the war on drugs fail. We'll never win that war. The war on terrorism I see as failing. There are too many groups out there hiding, so I don't see that being a war to be won. The war on zombie computers will be lost as well due to the war on common sense people have. So far the only war being won is the one on common sense. And that should be the easiest one to win. Why do we use the word "WAR" for everything?
