October 27, 2005 12:16 PM PDT
Microsoft takes on spam zombies
- Related Stories
'Bot herders' may have controlled 1.5 million PCsOctober 21, 2005
ISPs versus the zombiesJuly 19, 2005
Feds to fight the zombiesMay 23, 2005
Zombie trick expected to send spam sky-highFebruary 2, 2005
Microsoft sues more alleged spammersDecember 2, 2004
Alarm growing over bot softwareApril 30, 2004
The company has identified 13 different spamming operations that use such "zombies," it said Thursday. A lawsuit was filed against unnamed defendants in August. Since then Microsoft has tracked down some of the people behind the operations, said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft in Redmond, Wash.
"We have identified a number of entities in North America that we feel the evidence will show are liable and culpable for the spamming that occurred," Cranton said.
Microsoft has taken spammers to court before for using deceptive subject lines or fake "from" addresses. The company is now expanding its spam fight to include criminals who hijack PCs to send unwanted e-mail. "We are moving upstream and looking at the source of the spam problem, and it is obviously the zombies," Cranton said.
A zombie is a computer--typically connected to the Internet via a broadband connection and without security software to protect it--that has been infected by a Trojan horse or other malicious code and is used remotely to send spam, mount denial-of-service attacks, or other online crimes. A network of zombies is referred to as a "botnet."
Zombie PCs have become a serious problem that requires more industry action, the Federal Trade Commission said earlier this year. Microsoft believes more than half of all spam is sent by zombies. The FTC has launched "Operation Spam Zombie" and asked Internet service providers to quarantine zombies and help users clean the PCs.
In its investigation, Microsoft intentionally created a zombie computer. Over a three-week period, the PC was accessed 5 million times by its remote controllers and used to send out 18 million spam messages advertising more than 13,000 Web sites, Cranton said. Microsoft said it blocked the junk mail before it hit the Internet.
"We were startled," Cranton said. "We did not expect the numbers to be that high and were surprised at the large volume of spam through just one zombie."
After the exercise, Microsoft analyzed traffic to the zombie and the spam messages it was meant to send out. It compared those with other spam messages captured in Hotmail accounts. The evidence contributed to the lawsuit in which Microsoft has identified 13 different spamming operations.
Microsoft's announcement comes weeks after Dutch police arrested three individuals suspected of hacking about 1.5 million PCs worldwide and turning those into a botnet. Microsoft's effort and the arrests in the Netherlands are just a drop in the bucket.
"We believe there are tens of millions of zombie computers out there," Cranton said.
6 commentsJoin the conversation! Add your comment