FTC Launches International Campaign Against Zombies - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

03:38 PM
Connect Directly

FTC Launches International Campaign Against Zombies

The commission and 35 government partners from more than 20 countries launched "Operation Spam Zombies" to educate Internet service providers about hijacked computers on their networks.

The Federal Trade Commission, in conjunction with 35 government partners from more than 20 countries, on Tuesday launched "Operation Spam Zombies," an international campaign designed to educate Internet service providers about hijacked, or "zombie," computers on their networks.

Zombie PCs are computers that have been compromised by attackers though the use of viruses, worms, or Trojan programs. Such machines can be controlled remotely by the attacker or those granted access in exchange for payment. Spammers and hackers use zombies to send unsolicited commercial E-mail, distribute malware, store illegal files, and conduct denial-of-service attacks without the owners' knowledge or consent. Because most criminal computer conduct falls under the jurisdiction of law enforcement agencies, the FTC is primarily concerned about zombies as a source of spam.

"Computers around the globe have been hijacked to send unwanted E-mail," Lydia Parnes, director of the FTC's Bureau of Consumer Protection, said in a statement. "With our international partners, we're urging Internet service providers worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam 'zombies.'"

Gregg Mastoras, senior security analyst at security company Sophos plc, estimates that half of spam originates from zombie PCs. He also says that 70% to 80% of all E-mail is spam today. Don Blumenthal, Internet lab coordinator at the FTC, says he's seen credible reports that suggest as much as 80% to 90% of spam may come from zombies.

The amount of spam coming from zombies appears to be on the rise. "We're blocking 50 million E-mails coming from zombies a day," says Charles McColgan, chief technology officer of messaging management company FrontBridge Technologies Inc. "That's up from last month when it was in the 20 [million] to 30 million range."

The FTC's primary weapon in its war against zombie spam is bulk E-mail. Twenty members of the London Action Plan, an international anti-spam group, and 16 additional government agencies will E-mail several thousand ISPs around the world, asking them to take steps to protect the computers on their networks. These steps include blocking certain outbound server ports used by spammers, applying rate limiting controls on E-mail relays, profiling mail-sending patterns to identify likely zombies, and providing end-user security information and remediation tools.

In the past two years, the FTC has launched two similar campaigns, one against open relays in 2003 and "Operation Secure Your Server" in 2004. Blumenthal says the effectiveness of those earlier efforts is hard to quantify. However, he says they've generated a positive response from the Internet community and that open relays and open proxies are no longer the major problems they once were.

Mastoras says that while he applauds the effort, more needs to be done. "The Can-Spam Act was primarily a failure," he says. The FTC "needs to re-examine that and see if it can be crafted in a better way. But at some point you have to hold ISPs responsible. They need to be aware of what's going on in their network."

Awareness may help, but McColgan says that ISPs may be reluctant to implement changes if they're costly. "ISPs," he says, "tend to focus on whatever contributes the most to their bottom line."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
2021 Outlook: Tackling Cloud Transformation Choices
Joao-Pierre S. Ruth, Senior Writer,  1/4/2021
Enterprise IT Leaders Face Two Paths to AI
Jessica Davis, Senior Editor, Enterprise Apps,  12/23/2020
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll