News
News
7/13/2005
02:22 PM
Connect Directly
RSS
E-Mail
50%
50%

ZombieAlert Scours Corporate Networks For Spam-spewing PCs

A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines.

A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines.

Sophos on Wednesday launched the alert service, dubbed ZombieAlert, that warns business, educational, and government administrators when some of the machines on their networks turn into the walking dead. So-called "zombies" account for more than half the world's spam, said Sophos.

Tracking down zombies, however, isn't easy.

Rather than monitoring systems internally for evidence of spam zombies, Sophos analyzes the millions of messages passing through its spam traps -- sometimes called "honeypots" -- traces such spam to its originating domain and IP address, then notifies customers when one of their machines is found sending spam.

"Once we get spam, we identity who it's from -- down to the machine within a company -- contact the administrator directly and point him to where the spam's coming from," said Gregg Mastoras, a senior security analyst at Sophos.

ZombieAlert, said Mastoras, is a more flexible and less intrusive way to spot anomalous behavior than traditional traffic monitoring. "Zombie traffic isn't always consistent. It will come on for a day or two, then go away, only to come back later. And many zombie controllers purposefully run a small number of messages through each zombie, hoping to escape detection."

ZombieAlert, however, will notify an administrator at the first instance of a detected spam message coming from a network.

One beta test site, the University of Houston, called the service "a very nice add-on" to existing security defenses.

"Our traffic monitoring would catch the really bad cases," said Alan Pfeiffer-Traum, the university's enterprise system administrator. "But not the typical zombie. So we depended mostly on complaints. But this way I can say we detected the abuse through our own efforts."

Within the first two weeks of using the service, Pfeiffer-Traum was alerted to a half-dozen zombie cases, most of them involving one or two PCs each, almost all of them student systems in the university's residence halls.

"One way to tackle the problem [of spam zombies] might be to restrict outbound SMTP traffic, but that's really impossible in our situation. For the students on campus, the dorm is like their home, and they look to us as their ISP. This really fits into our process."

After he receives an alert, said Pfeiffer-Traum, he notifies support staff, who immediately disable the offending machine(s) ability to send mail. Later, a tech support representative makes a house call and cleans the PC of the malicious code that made it a zombie in the first place.

ZombieAlert, which is rolling out first in North America and Australia -- later in Europe and Asia -- can be added to existing Sophos services, or purchased separately. A ball-park price, said Mastoras, is approximately $15,000 annually.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest September 18, 2014
Enterprise social network success starts and ends with integration. Here's how to finally make collaboration click.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
The weekly wrap-up of the top stories from InformationWeek.com this week.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.