 | |
| ||||
October 27, 2005
|
|
|
"The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible," says Tim Cranton, director of Microsoft's Internet Safety Enforcement programs.
As government agencies and e-mail providers have cracked down on ways of exploiting consumer and business PCs, many computer criminals have turned their attention to creating zombies. They do so by tricking people into loading malicious code by hiding it in e-mail attachments or in music, video or other files that people download online – or even within data transferred when clicking on an infected Web site.
Illegal spam sent by zombie computers has increased dramatically in recent months and as of this summer now accounts for more than half of all spam, according to studies conducted by industry groups. In addition, computer criminals can use zombie computers to launch phishing attacks that try to steal personal information, such as Social Security and credit-card numbers.
As more people sign up for high-speed Internet connections at home, computer criminals have set their sights on a growing population of potential zombies that never sleep. "High-speed connections are an extremely convenient and powerful way to access the Internet, but people need to realize that their connections don't turn off when they walk away from their computers," says Aaron Kornblum, Microsoft's Internet-safety enforcement attorney.
Microsoft maintains more than 130,000 MSN Hotmail "trap" accounts to investigate patterns within spam. These accounts catch e-mail sent by spammers to potential e-mail addresses. But, as all spam investigators quickly learn, investigating spam after it's delivered is like tracing an unwanted letter with an illegible (or fake) return address. Most spammers protect their identities by sending mail through zombies or using other masquerading tricks, making it fruitless to trace spammers based on the name listed in the "From" line in the e-mail's header.
But Microsoft's zombie investigation gave the company new insight into how it, as a technology developer and e-mail provider, can fight spam and zombies, as well as how to fight the creators of zombies in court.
"By inserting ourselves in the spammers' path and looking upstream, we have been able to see things we have never been able to see before," Cranton says.
Specifically, Microsoft was able to uncover the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the Web sites advertised in the spam.
To prove these spamming requests were not isolated examples, Microsoft compared the Web sites advertised in the quarantined zombie's spam to those listed in spam in the MSN Hotmail trap accounts.
Cranton says the researchers found numerous identical matches, and were able to determine that approximately 13 distinct spamming operations either helped create or exploit the zombie code placed on the quarantined computer.
These spammers, who are currently unidentified, are named as "John Doe" defendants in the civil lawsuit Microsoft filed in state court in King County, Wash., on Aug. 17. Filing a "John Doe" lawsuit allows Microsoft to use legal discovery tools – such as third-party subpoenas – to help learn the defendants' true identities.
Because the potential threat is so great, the anti-zombie campaign stresses prevention as the best defense against spam and zombie attacks. All three partners in the “Don’t Get Tricked on Halloween” campaign are urging consumers (See "Stop Zombie PC Attacks in their Tracks," this page) to ensure their computers have the latest software for detecting and preventing computer viruses and spyware. The partners also are stressing the importance of installing a software firewall, programs on a computer or network of computers that examine e-mails and other incoming information to determine if they pose a threat before they are delivered within the computer.
The anti-zombie campaign promotes educational Web sites run by Microsoft and the FTC. The federal consumer-protection agency recently launched OnGuardOnline.gov, a Web site that provides tips, articles and videos to help protect computer users and their information from online threats. The new site builds on "Operation Spam Zombies," a campaign the FTC launched in May, along with 35 government partners from more than 20 countries, to encourage Internet service providers (ISPs) to take zombie-prevention measures.
Microsoft and other organizations who mount consumer education campaigns know they need much more than technical know-how to change the way millions of people use the Internet.
"It's easy for new and increasingly sophisticated online threats to overwhelm people." Cranton says. "We hope this Halloween safety warning will capture the public's attention and ensure the lessons stick, so more people take advantage of the resources that are available to help protect them online."
Ken McEldowney, executive director of Consumer Action, says the Halloween-related theme of the current campaign is important because it will help reach people who aren't as focused on technology and are still learning their way around the Internet. "Folks who are computer savvy are not going to be fooled by phishing attacks" sent by zombie computers, he said. "It's everybody else that we need to reach. That's where the challenge is."
 E-mail this story
 Printer-friendly version  Bookmark this page |
Custom Search
|
|
|
