FTC Launches Global Campaign Against Zombies

Zombie PCs are computers that have been compromised by attackers though the use of viruses, worms, or Trojan programs. Such machines can be controlled remotely by the attacker or those granted access in exchange for payment. Spammers and hackers use zombies to send unsolicited commercial E-mail, distribute malware, store illegal files, and conduct denial-of-service attacks without the owners' knowledge or consent. Because most criminal computer conduct falls under the jurisdiction of law enforcement agencies, the FTC is primarily concerned about zombies as a source of spam.

"Computers around the globe have been hijacked to send unwanted E-mail," Lydia Parnes, director of the FTC's Bureau of Consumer Protection, said in a statement. "With our international partners, we're urging Internet service providers worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam 'zombies.'"

Gregg Mastoras, senior security analyst at security company Sophos plc, estimates that half of spam originates from zombie PCs. He also says that 70% to 80% of all E-mail is spam today. Don Blumenthal, Internet lab coordinator at the FTC, says he's seen credible reports that suggest as much as 80% to 90% of spam may come from zombies.

The amount of spam coming from zombies appears to be on the rise. "We're blocking 50 million E-mails coming from zombies a day," says Charles McColgan, chief technology officer of messaging management company FrontBridge Technologies Inc. "That's up from last month when it was in the 20 [million] to 30 million range."

The FTC's primary weapon in its war against zombie spam is bulk E-mail. Twenty members of the London Action Plan, an international anti-spam group, and 16 additional government agencies will E-mail several thousand ISPs around the world, asking them to take steps to protect the computers on their networks. These steps include blocking certain outbound server ports used by spammers, applying rate limiting controls on E-mail relays, profiling mail-sending patterns to identify likely zombies, and providing end-user security information and remediation tools.

In the past two years, the FTC has launched two similar campaigns, one against open relays in 2003 and "Operation Secure Your Server" in 2004. Blumenthal says the effectiveness of those earlier efforts is hard to quantify. However, he says they've generated a positive response from the Internet community and that open relays and open proxies are no longer the major problems they once were.

Mastoras says that while he applauds the effort, more needs to be done. "The Can-Spam Act was primarily a failure," he says. The FTC "needs to re-examine that and see if it can be crafted in a better way. But at some point you have to hold ISPs responsible. They need to be aware of what's going on in their network."

Awareness may help, but McColgan says that ISPs may be reluctant to implement changes if they're costly. "ISPs," he says, "tend to focus on whatever contributes the most to their bottom line."