Feds Eye New Mission: Zombie Hunting

The federal government is now in the zombie-hunting business — and is deputizing virtually every Internet Service Provider in the United States as it seeks to halt the flow of unwanted spam e-mail in this country and overseas.

The Federal Trade Commission, the federal anti-trust watchdog, is planning in coming weeks to begin sending ISPs reports on the computers on their networks that are zombies. Once the ISPs receive the information, it is then their duty to disable the zombies, which are primarily home PCs that have been hijacked by hackers to illicitly send out spam.

Hackers in the Know

“The hackers go there,” said Wayne Burkan, vice president of marketing at Interlink Networks, an Ann Arbor, Mich.-based WiFi security company. “They know that the networks of companies are protected, but those of homeowners are not.”

There is precedent for having the ISPs block e-mail account access for their clients. U.K.-based ISP Telewest recently blacklisted nearly 1 million of its customers after their systems had been pirated by spammers.

According to CipherTrust, an IT security developer in Alpharetta, Ga., during the middle of July, more than 226,737 new zombies originated in China, the biggest generator of international Internet hacking these days. German hackers created a mere 68,563 new zombies during the same time frame, while computer criminals in South Korea and Brazil lagged right behind.

According to Prolexic Technologies, an intrusion prevention and detection firm based in Hollywood, Fla., America Online is the most targeted ISP in the U.S., with 11.7 percent of all zombie attacks being pointed at AOL. This was followed by Comcast.net, which is the target of 10.66 percent of would-be zombie planters.

“Computers around the globe have been hijacked to send unwanted e-mail,” said Lydia Parnes, director of the FTC’s bureau of consumer protection in Washington D.C. “We’re urging ISPs worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam ‘zombies.'”

According to the FTC, there are a number of technical measures that ISPs can undertake to stop the zombies, including the following:

  • Blocking a common Internet port used for e-mail, whenever feasible;
  • Applying a rate-limiting control — to delay sending of e-mail;
  • Pinpointing computers that are sending an unusually high amount of e-mail;
  • Teaching customers, in plain English, how to remove zombie software and other malware, if their PCs are infected.

The blocking of the Internet port — port 25 — prevents spammers from sending out e-mail, by ensuring that the ISP customer’s computer is used only to send e-mail over its servers, experts said.
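As an added illustration (not from the FTC or the article), the Python sketch below shows how an ISP could pinpoint customers that send unusual volumes of mail directly over port 25 instead of through the ISP's servers. The flow-record format, the relay address, the thresholds and all sample IP addresses are assumptions constructed for the example.

```python
from collections import defaultdict

# Assumptions for this example (not from the article):
ISP_RELAYS = {"192.0.2.25"}   # the ISP's own outbound mail servers
WINDOW_SECONDS = 600          # size of each counting window
MAX_DIRECT_CONNS = 20         # direct port-25 connections tolerated per window
MAX_DISTINCT_DESTS = 10       # distinct destination servers tolerated per window

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = (
    # hijacked PC: 40 direct SMTP connections to 40 different servers
    [f"{1000 + i} 198.51.100.7 203.0.113.{i + 1} 25" for i in range(40)]
    # ordinary customer: mail goes through the ISP relay
    + [f"{1000 + i * 60} 198.51.100.8 192.0.2.25 25" for i in range(3)]
    # customer with a small mail server: few direct connections, two peers
    + [f"{1000 + i * 30} 198.51.100.9 203.0.113.{200 + i % 2} 25" for i in range(5)]
    # web traffic is not SMTP and is ignored
    + ["1005 198.51.100.8 203.0.113.50 443"]
)

def parse_flow(line):
    ts, src, dst, port = line.split()
    return int(ts), src, dst, int(port)

def find_suspected_zombies(lines):
    """Return {src_ip: (connections, distinct_destinations)} for flagged hosts."""
    buckets = defaultdict(lambda: [0, set()])  # (src, window) -> [count, dests]
    for line in lines:
        ts, src, dst, port = parse_flow(line)
        if port != 25 or dst in ISP_RELAYS:
            continue  # only SMTP that bypasses the ISP's servers is counted
        bucket = buckets[(src, ts // WINDOW_SECONDS)]
        bucket[0] += 1
        bucket[1].add(dst)
    flagged = {}
    for (src, _window), (count, dests) in buckets.items():
        if count > MAX_DIRECT_CONNS and len(dests) > MAX_DISTINCT_DESTS:
            # keep the worst window seen for each customer
            flagged[src] = max(flagged.get(src, (0, 0)), (count, len(dests)))
    return flagged

if __name__ == "__main__":
    for host, (conns, dests) in find_suspected_zombies(SAMPLE_FLOWS).items():
        print(f"{host}: {conns} direct port-25 connections to {dests} servers")
```

Hosts flagged this way are candidates for the port 25 block or rate limit and for the customer cleanup instructions listed above.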

The FTC is working with an array of government agencies around the world, including the Department of Commerce and the Department of Homeland Security, as well as government officials from Albania to the United Kingdom.

Stopping ‘Botnets’

U.S. officials are planning to send letters shortly to “more than 3,000 ISPs around the world, urging them to employ protective measures to prevent their customers’ computers from being hijacked by spammers,” said the FTC in a statement.

In addition to sending spam, the pirated PCs are also often used to disseminate phishing attacks and defraud consumers. What’s more, the hijacked computers are used to launch denial-of-service attacks against Internet-based businesses. When the scammers assemble a whole network of renegade PCs, they then have what experts call a “botnet.”

Forrester Research indicates that if something isn’t done to stop the illicit activity, the Internet could essentially be shut down.
