July 19, 2005 4:00 AM PDT
ISPs versus the zombies
In the next few months, ISPs in the United States will begin receiving reports on the zombies, or PCs open to control by hackers, that lurk on their networks. The data will be sent out by the Federal Trade Commission, which said in May that zombies have become such a serious problem that more industry action is required.
Analysts said that if service providers resist the call and take a hands-off approach, people could lose their trust in online activity--and the consequences of that could be severe.
Internet service providers face mounting pressure to keep their networks free of zombies, which are increasingly used to launch phishing and other attacks.
If ISPs don't assume more responsibility for cleaning up, people could lose their trust in online activity and the Internet could take a hit, experts warn.
"The Internet would eventually grind to a halt," said Paul Stamp, an analyst with Forrester Research.
Given the growth of zombie-fed threats such as phishing, ISPs can no longer afford to leave the task of securing users' PCs to the consumers themselves, critics say. But taking more responsibility to protect Internet traffic would mean monitoring activity on their networks more closely--a move that has implications for customer privacy and for their bottom line.
The FTC has called on ISPs to identify zombies on their networks, quarantine those hijacked PCs and help customers clean them. Consumers and Microsoft are also urging service providers to act.
Zombies are put to work to relay marketing spam and to send messages used in phishing scams, which attempt to steal sensitive personal data, for example. They have also been used to host the faked Web sites in phishing scams or to mount denial-of-service attacks against online businesses targeted by extortion schemes. In addition, they're used to compromise more PCs, which are added to the networks of zombies, called "botnets."
Incidents involving the malicious code that turns PCs into zombies, also known as "bot" code, reached 13,000 from April through June, according to a recent report from McAfee. That's quadruple the number tracked by the antivirus software maker in the previous three months.
But ISPs have not been sitting idle. At a minimum, they provide online security guidance for customers and apply virus and spam filters to incoming e-mail. Bot code often hides in Trojan horses sent in spam, or is spread via e-mail or instant-message worms.
Some, including America Online, EarthLink and Cox, offer free desktop security software suites that include antivirus, firewall and sometimes anti-spyware software. These additional shields offer protection against infestation by other means than just e-mail.
Several ISPs have also taken measures to prevent zombie PCs connected to their network from sending out junk mail. A technique called "port 25 blocking" allows a provider to make sure that members' computers only send out e-mail that originates from its own server and not from a spammer's server. In addition, most service providers use techniques such as rate limiting, which control the number of e-mail messages that a member can send.
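The two controls described above, port 25 blocking and per-member rate limiting, sketched as an added Python example (not code from the article or from any ISP). The relay address, limits, record layout and sample events are all constructed assumptions, and each connection to the relay is treated as one message.

```python
from collections import defaultdict, deque
from ipaddress import ip_address

# All values below are assumptions for illustration, not taken from the article.
ISP_RELAYS = {ip_address("192.0.2.25")}  # the provider's own outbound mail server
WINDOW_SECONDS = 3600                    # rate-limit window
MAX_PER_WINDOW = 5                       # messages allowed per member per window

def evaluate(events):
    """events: time-ordered (epoch_s, member_ip, dst_ip, dst_port) tuples.
    Returns (decision per event, {member_ip: set of reasons it was flagged})."""
    recent = defaultdict(deque)  # member -> timestamps of relayed messages
    decisions, flagged = [], defaultdict(set)
    for ts, member, dst, port in events:
        if port != 25:
            decisions.append("allow")            # not SMTP, outside this policy
        elif ip_address(dst) not in ISP_RELAYS:
            decisions.append("block-port25")     # direct-to-MX mail is dropped
            flagged[member].add("direct-smtp")
        else:
            sent = recent[member]
            while sent and ts - sent[0] >= WINDOW_SECONDS:
                sent.popleft()                   # expire entries outside window
            if len(sent) >= MAX_PER_WINDOW:
                decisions.append("rate-limited")
                flagged[member].add("over-rate")
            else:
                sent.append(ts)
                decisions.append("relay")
    return decisions, dict(flagged)

# Constructed sample traffic (documentation address ranges, not real hosts).
RELAY, A, B, C = "192.0.2.25", "198.51.100.10", "198.51.100.20", "198.51.100.30"
SAMPLE = sorted(
    [(0, A, RELAY, 25), (600, A, RELAY, 25), (50, A, "203.0.113.80", 443)]
    + [(10 + i, B, "203.0.113.5", 25) for i in range(3)]   # direct SMTP attempts
    + [(100 + i, C, RELAY, 25) for i in range(7)]          # burst through relay
    + [(3700, C, RELAY, 25)]                               # after window slides
)

if __name__ == "__main__":
    decisions, flagged = evaluate(SAMPLE)
    for event, decision in zip(SAMPLE, decisions):
        print(event, "->", decision)
    print("flagged for follow-up:", flagged)
```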
But those measures are not enough, some experts say. To take down zombies, ISPs should monitor their networks more closely for traffic generated by the compromised PCs, said Dmitri Alperovitch, research engineer at CipherTrust, a security vendor in Alpharetta, Ga.
Additionally, service providers should improve customer education and could also force people to scan their PC for known vulnerabilities before going online, Alperovitch said. This could help prevent so-called drive-by installs, which deposit bot code on a PC when the owner uses an unpatched browser to visit a malicious Web site.
Others have suggested that companies cut off Internet connections for customers who don't carry out preventive measures.
"ISPs allow these machines to communicate with the rest of the world. They have the power to do a lot about the zombie threat, and they should be doing a lot about it," Alperovitch said.
A start for Internet companies would be for them to participate more actively in security groups and to use data on zombies collected by third-party security companies such as CipherTrust, he said.
A few ISPs are open about their efforts--Cox and EarthLink, for example. Others hold their security cards close to their chest, so as not to tip off the bad guys. Comcast, one of the largest broadband providers in the United States, is an example of that.
Cox, which has 2.7 million broadband customers, said it received about 30,000 complaints about its users in May. About one-third of those