October 27, 2005 12:16 PM PDT

Microsoft takes on spam zombies

Hoping to turn the tide on spam zombies, Microsoft has filed suit against entities it said used compromised PCs to send millions of junk e-mail messages.

The company has identified 13 different spamming operations that use such "zombies," it said Thursday. A lawsuit was filed against unnamed defendants in August. Since then Microsoft has tracked down some of the people behind the operations, said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft in Redmond, Wash.

"We have identified a number of entities in North America that we feel the evidence will show are liable and culpable for the spamming that occurred," Cranton said.


Microsoft has taken spammers to court before for using deceptive subject lines or fake "from" addresses. The company is now expanding its spam fight to include criminals who hijack PCs to send unwanted e-mail. "We are moving upstream and looking at the source of the spam problem, and it is obviously the zombies," Cranton said.

A zombie is a computer, typically one on an always-on broadband connection and without security software to protect it, that has been infected by a Trojan horse or other malicious code and is then controlled remotely to send spam, mount denial-of-service attacks, or carry out other online crimes. A network of zombies under common control is referred to as a "botnet."

Zombie PCs have become a serious problem that requires more industry action, the Federal Trade Commission said earlier this year. Microsoft believes more than half of all spam is sent by zombies. The FTC has launched "Operation Spam Zombie" and asked Internet service providers to quarantine zombies and help users clean the PCs.

In its investigation, Microsoft deliberately set up a PC to be taken over as a zombie. Over a three-week period, the PC was accessed 5 million times by its remote controllers and instructed to send out 18 million spam messages advertising more than 13,000 Web sites, Cranton said. Microsoft said it blocked the junk mail before it reached the Internet.

"We were startled," Cranton said. "We did not expect the numbers to be that high and were surprised at the large volume of spam through just one zombie."

After the exercise, Microsoft analyzed traffic to the zombie and the spam messages it was meant to send out. It compared those with other spam messages captured in Hotmail accounts. The evidence contributed to the lawsuit in which Microsoft has identified 13 different spamming operations.

Microsoft's announcement comes weeks after Dutch police arrested three individuals suspected of hacking about 1.5 million PCs worldwide and turning them into a botnet. Microsoft's effort and the arrests in the Netherlands are just a drop in the bucket.

"We believe there are tens of millions of zombie computers out there," Cranton said.

6 comments

First thing: don't run with administrator credentials!
The first thing one has to do is not to run a PC with administrator credentials:

In Windows XP go to the "users" in the control panel, create another "user" called "admin". Choose a password for "admin".
Then choose the "user" you always use and change its "rights" to "limited account". Do it for any user of the PC if you have several users defined. Perform everyday tasks such as web-surfing, using office software etc. only as "limited user". You don't need more "rights" to do these things. And viruses etc. can use only the rights of the account they find working. If you surf as "administrator" you allow any website to install things on your PC, including software that grabs control of your PC.

Only use the "admin" account to do administrative stuff that requires these "rights", such as using Windows update to update the OS, or scanning for viruses or spyware, or installing software. Actually, most of these can also be done without working in the "admin" account. You can right-click almost any software and choose "run as..." and then choose the "admin" account and give the password. This way is safer because only the program you want runs with admin rights and not everything (such as something that managed to get in and waits for an admin account to run so it can use its rights?).

Even this way is not perfect - Windows is far from secure. But it eliminates almost all risks.

Of course you need a good firewall, and probably scan for viruses and spyware once in a while. And you should still be suspicious of email attachments and websites you don't know. But I've been using a home network several years this way (with hardware firewall and no regular virus scanning except email on the server) and never got a single virus.
Posted by hadaso (468 comments )
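The account changes the commenter above describes through the Control Panel, as the equivalent Windows XP command-line steps. This is an added example, not part of the article or of the comment: the account names "daily" (the everyday account) and "admin" (the new administrative account) are placeholders, and the script assumes it is run from a command prompt that already has administrator rights, since changing group membership needs them.

```batch
@echo off
rem Added example (not from the article or the commenter): the "limited
rem account" procedure above as Windows XP net.exe / runas.exe commands.
rem Assumptions: the everyday account is "daily" and the new administrative
rem account is "admin"; both are placeholder names. Run this once from a
rem command prompt that is itself running as an administrator.

set DAILY=daily
set ADMIN=admin

rem 1. Create the separate administrative account. The "*" makes net.exe
rem    prompt for the password instead of taking it on the command line
rem    (where it would be visible to anyone reading the console history).
net user %ADMIN% * /add
if errorlevel 1 goto fail

rem 2. Make the new account an administrator.
net localgroup Administrators %ADMIN% /add
if errorlevel 1 goto fail

rem 3. Turn the everyday account into what the Control Panel calls a
rem    "limited account": a member of the local Users group only.
rem    Order matters: %DAILY% is removed from Administrators only after
rem    %ADMIN% has been added, so the machine keeps a working administrator.
rem    Error 1378 ("already a member") on the first line is harmless.
net localgroup Users %DAILY% /add 2>nul
net localgroup Administrators %DAILY% /delete
if errorlevel 1 goto fail

rem 4. Check: Administrators should now list %ADMIN% but not %DAILY%.
net localgroup Administrators

echo.
echo Done. Log on as %DAILY% for everyday work. For tasks that need
echo administrator rights, use "Run as..." from the right-click menu, or
echo the same thing from the command line, for example:
echo     runas /user:%ADMIN% "control appwiz.cpl"
echo     runas /user:%ADMIN% "cmd.exe"
echo (runas depends on the Secondary Logon service, which XP starts by default.)
goto :eof

:fail
echo A step failed; nothing after it was attempted. Fix it and re-run.
exit /b 1
```

The script stops at the first failing step so that the everyday account is never demoted unless the new administrative account was created and added to Administrators first; the group listing at the end is the check that the change took effect. Programs started with `runas` get the administrator token while everything else on the desktop keeps running as the limited user, which is the "only the program you want runs with admin rights" property the commenter relies on.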
Small problem
A large percentage of windows apps simply do not run in anything other than admin mode. Windows permissions are so primitive you can't temporarily give an app admin rights so it can run, keeping the rest of the system in a limited account.

Windows as a multi-user environment was an afterthought and the implementation shows it.

It is not a bad move, what MS is trying to do, but they need to accept responsibility themselves. Sure the criminals are at fault also, but so is MS for marketing a woefully insecure system to computer novices. Then there is the fact that you can never get a windows box to match the default security of a linux box, unless you do drastic things like pull the internet connection from windows.

Would a bank be blamed that it got robbed because it left its vaults and front doors unlocked and wide open overnight with the only security being a drunken guard? You bet they would, along with the thieves, and rightly so!

MS has done the exact same thing with windows and should be held responsible.
Posted by Bill Dautrive (1179 comments )
"...tens of millions of zombie computers..."
Please tell me, how many of the "tens of millions of zombie" computers are running on MS Windows? 99 or 100%? ;-)
Posted by Andrew_Guly (1 comment )