UK joins campaign to stamp out spam 'zombies'

By Steve Malone

Posted on 25 May 2005 at 14:59

Twenty countries around the world have pledged to 'educate' their ISPs about the dangers of botnets and their role in the spread of spam.

'Operation Spam Zombies' will involve those countries and a further 16 government agencies have promised to send letters to more than 3,000 ISPs around the world. The letters will explain the dangers of zombie networks and urge the ISPs to introduce safeguards to prevent their customers' computers from being hijacked by spammers.

Botnets that are used to generate spam are increasing at an alarming rate. A recent survey by CipherTrust estimated that 350,000 machines a month are being recruited into the zombie army. Other surveys suggest that world wide there are millions of PCs that can be employed to generate spam or serve other criminal activities, such as denial of service attacks.

Among the measures to be recommended are blocking a common Internet port used for e-mail when possible, applying rate-limiting controls for e-mail relays, provide plain-language information for customers on how to keep their home computers secure and providing them with easy-to-use security tools to remove zombie code from their computers.

The letters will also recommend that ISPs should be proactive in identifying those computers on their networks that are sending large amounts of e-mail and discover whether they are being used as a spam zombie. The advice suggests that infected machines should be 'quarantined' - removed from the network - until the zombie software is removed.

The letters, although they don't have the force of law, are indications that the authorities and other web users believe that ISPs should be held responsible for the security of their customers' PCs. Recently, Telewest customers were blacklisted by an anti-spam organisation forcing the company to take steps to remove spam zombies from its network.

The 20 countries involved are already members of the London Action Plan, an international organisation aimed at preventing spam. Among those signed up to the initiative are Canada, Denmark, Japan, Ireland, the Netherlands, Germany, Taiwan, and the United States, as well as the United Kingdom.

The US Federal Trade Commission has posted a copy of the letter and the aims of the group on its website.