ZombieAlert Scours Corporate Networks For Spam-spewing PCs - InformationWeek

A U.K.-based security firm is touting a new service that scours corporate networks for zombies -- PCs that have been hijacked without the owner's knowledge and turned into spam-spewing engines.

Sophos on Wednesday launched the alert service, dubbed ZombieAlert, that warns business, educational, and government administrators when some of the machines on their networks turn into the walking dead. So-called "zombies" account for more than half the world's spam, said Sophos.

Tracking down zombies, however, isn't easy.

Rather than monitoring systems internally for evidence of spam zombies, Sophos analyzes the millions of messages passing through its spam traps -- sometimes called "honeypots" -- traces such spam to its originating domain and IP address, then notifies customers when one of their machines is found sending spam.

"Once we get spam, we identify who it's from -- down to the machine within a company -- contact the administrator directly and point him to where the spam's coming from," said Gregg Mastoras, a senior security analyst at Sophos.

ZombieAlert, said Mastoras, is a more flexible and less intrusive way to spot anomalous behavior than traditional traffic monitoring. "Zombie traffic isn't always consistent. It will come on for a day or two, then go away, only to come back later. And many zombie controllers purposefully run a small number of messages through each zombie, hoping to escape detection."

ZombieAlert, however, will notify an administrator at the first instance of a detected spam message coming from a network.
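
The trap-side tracing described above can be sketched as follows. This is an added example, not Sophos's code: the trap hostname, the customer netblocks, and the sample messages are assumptions constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

TRAP_HOST = "trap.example.net"  # assumed hostname of the spam trap
# Assumed customer netblocks (documentation address ranges).
CUSTOMER_NETS = {
    "example-university": [ipaddress.ip_network("198.51.100.0/24")],
    "example-corp": [ipaddress.ip_network("203.0.113.0/25")],
}
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """Return the address that handed the message to the trap, or None."""
    received = message_from_string(raw_message).get_all("Received", [])
    # Only the topmost Received header was written by the trap itself;
    # every header below it arrived with the message and can be forged.
    if not received or not re.search(r"\bby\s+" + re.escape(TRAP_HOST), received[0]):
        return None
    match = BRACKETED_IP.search(received[0])
    try:
        return ipaddress.ip_address(match.group(1)) if match else None
    except ValueError:  # e.g. [999.1.1.1]
        return None

def first_alerts(raw_messages):
    """One (customer, ip) alert per source, raised on the first spam seen."""
    seen, alerts = set(), []
    for raw in raw_messages:
        ip = connecting_ip(raw)
        for customer, nets in CUSTOMER_NETS.items():
            if ip is not None and (customer, ip) not in seen and any(ip in n for n in nets):
                seen.add((customer, ip))
                alerts.append((customer, str(ip)))
    return alerts

def make_sample(src_ip):
    # Constructed trap message; the lower Received line imitates a forged hop.
    return (
        f"Received: from pc (unknown [{src_ip}])\n"
        f"\tby {TRAP_HOST} with SMTP; Wed, 1 Jan 2025 00:00:00 +0000\n"
        "Received: from mail ([203.0.113.5]) by relay.invalid\n"
        "Subject: constructed sample\n\nbody\n"
    )

SAMPLES = [make_sample(ip) for ip in
           ("198.51.100.37", "192.0.2.9", "198.51.100.37", "203.0.113.200")]

if __name__ == "__main__":
    print(first_alerts(SAMPLES))
```

Because a single message is enough to raise an alert, a machine that sends only a handful of messages is still reported, and the forged lower hop inside a customer range is ignored.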

One beta test site, the University of Houston, called the service "a very nice add-on" to existing security defenses.

"Our traffic monitoring would catch the really bad cases," said Alan Pfeiffer-Traum, the university's enterprise system administrator. "But not the typical zombie. So we depended mostly on complaints. But this way I can say we detected the abuse through our own efforts."

Within the first two weeks of using the service, Pfeiffer-Traum was alerted to a half-dozen zombie cases, most of them involving one or two PCs each, almost all of them student systems in the university's residence halls.

"One way to tackle the problem [of spam zombies] might be to restrict outbound SMTP traffic, but that's really impossible in our situation. For the students on campus, the dorm is like their home, and they look to us as their ISP. This really fits into our process."

After he receives an alert, said Pfeiffer-Traum, he notifies support staff, who immediately disable the ability of the offending machine(s) to send mail. Later, a tech support representative makes a house call and cleans the PC of the malicious code that made it a zombie in the first place.

ZombieAlert, which is rolling out first in North America and Australia -- later in Europe and Asia -- can be added to existing Sophos services, or purchased separately. A ball-park price, said Mastoras, is approximately $15,000 annually.
