Microsoft digs up zombie network horror
By Matt Whipp
Posted on 28 Oct 2005 at 12:19
Microsoft has revealed the true scale of the 'zombie' threat in an experiment that has founded 13 investigations into spam operations.
The company says it intentionally set up a zombie computer, stuck it online for three weeks and watched what happened.
Although the machine was configured so that it wouldn't actually send out any spam itself, it was quickly identified as a new recruit to the zombie networks and enlisted for spamming duties.
Reseachers noted 5m requests for connections to the machine over the period and attempts to send 18m spam messages carrying advertising for 13,000 websites.
'The widespread use of zombie computers to commit crimes over the Internet presents a very real danger to law-abiding computer users,' said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft. 'This is precisely why Microsoft initiated this investigation into zombies and took legal action. As a result, we have identified more than a dozen spamming operations exploiting zombie networks to send millions of illegal spam messgaes. We will continue our investigations and will maintain a steady, concerted effort to indentify and target criminals to help make the Internet safer.'
Microsoft is also working with the Federal Trade Commission on the Operation Spam Zombies initiative, that seeks to encourage ISPs to take action against any zombie systems they identify on their networks.
In addition Microsoft set up its Postmaster and Smart Network Data Services monitoring last May, which allows ISPs to identify ip addresses on their network that are sending spam to Microsoft's Hotmail email service.
And spam is not the only problem. Networks of 'zombie' computers, or botnets, can be used to launch phishing attacks, seed new viruses, launch denial of service attacks and be put to other sinister uses.
However, the emphasis is still on education and encouragement of best practices. There is as yet no legal requirement for consumers to have security software on their machines, or for ISPs to shut out identified compromised machines on their networks.
Both Microsoft and the FTC offer top tips for consumers on how to stay safe online. The UK Government also launched its own Get Safe Online campaign yesterday.
From around the web
advertisement
- Laptop bag reviews: nine tested
- Sony VAIO T Series Ultrabook review: first look
- Revealed: the military standards and robots HP uses to test its laptops
- Windows 8: multi-monitors and double standards?
- Why is TalkTalk's year-old porn filter suddenly big news?
- Why are laptop screens so far behind mobiles?
- HP EliteBook Folio review: first look
- The shoebox-sized all-in-one printer
- Forget the Ultrabook: here comes the HP Sleekbook
- HP Spectre XT review: first look
- Why you have to be left in the dark on OS patches
- Is Microsoft mismanaging Windows on ARM?
- Dealing with spam surrogates
- Why 3G broadband can be better and cheaper than ADSL
- Is Twitter bad for business?
- Publishing your email address isn't a security disaster
- Why you'll need a fax machine to develop iOS apps
- Learning to adapt to the mobile web
- Why you shouldn't use WPS on your Wi-Fi network
- Disabled users suffer when software breaks the rules
advertisement
