FTC Launches International Campaign Against Zombies - InformationWeek
03:38 PM
Connect Directly

FTC Launches International Campaign Against Zombies

The commission and 35 government partners from more than 20 countries launched "Operation Spam Zombies" to educate Internet service providers about hijacked computers on their networks.

The Federal Trade Commission, in conjunction with 35 government partners from more than 20 countries, on Tuesday launched "Operation Spam Zombies," an international campaign designed to educate Internet service providers about hijacked, or "zombie," computers on their networks.

Zombie PCs are computers that have been compromised by attackers though the use of viruses, worms, or Trojan programs. Such machines can be controlled remotely by the attacker or those granted access in exchange for payment. Spammers and hackers use zombies to send unsolicited commercial E-mail, distribute malware, store illegal files, and conduct denial-of-service attacks without the owners' knowledge or consent. Because most criminal computer conduct falls under the jurisdiction of law enforcement agencies, the FTC is primarily concerned about zombies as a source of spam.

"Computers around the globe have been hijacked to send unwanted E-mail," Lydia Parnes, director of the FTC's Bureau of Consumer Protection, said in a statement. "With our international partners, we're urging Internet service providers worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam 'zombies.'"

Gregg Mastoras, senior security analyst at security company Sophos plc, estimates that half of spam originates from zombie PCs. He also says that 70% to 80% of all E-mail is spam today. Don Blumenthal, Internet lab coordinator at the FTC, says he's seen credible reports that suggest as much as 80% to 90% of spam may come from zombies.

The amount of spam coming from zombies appears to be on the rise. "We're blocking 50 million E-mails coming from zombies a day," says Charles McColgan, chief technology officer of messaging management company FrontBridge Technologies Inc. "That's up from last month when it was in the 20 [million] to 30 million range."

The FTC's primary weapon in its war against zombie spam is bulk E-mail. Twenty members of the London Action Plan, an international anti-spam group, and 16 additional government agencies will E-mail several thousand ISPs around the world, asking them to take steps to protect the computers on their networks. These steps include blocking certain outbound server ports used by spammers, applying rate limiting controls on E-mail relays, profiling mail-sending patterns to identify likely zombies, and providing end-user security information and remediation tools.

In the past two years, the FTC has launched two similar campaigns, one against open relays in 2003 and "Operation Secure Your Server" in 2004. Blumenthal says the effectiveness of those earlier efforts is hard to quantify. However, he says they've generated a positive response from the Internet community and that open relays and open proxies are no longer the major problems they once were.

Mastoras says that while he applauds the effort, more needs to be done. "The Can-Spam Act was primarily a failure," he says. The FTC "needs to re-examine that and see if it can be crafted in a better way. But at some point you have to hold ISPs responsible. They need to be aware of what's going on in their network."

Awareness may help, but McColgan says that ISPs may be reluctant to implement changes if they're costly. "ISPs," he says, "tend to focus on whatever contributes the most to their bottom line."

Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
Annual IT Salary Report 
Base pay for IT professionals has remained flat this year with a median annual salary of $88,000 for staff and $112,000 for management. However, 58% of staff and 62% of managers who responded to our survey say they're satisfied with their compensation. Download this report to find out which positions earn the highest compensation.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll