Don’t
Get Tricked on Halloween: Federal Trade Commission, Consumer Action and
Microsoft Warn Internet Users of Zombie Computers -- Microsoft logs 5
million illegal commands to one quarantined zombie computer.
Timing
their effort to coincide with national Cyber Security Awareness Month
and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action
and Microsoft Corp. are urging consumers
to protect themselves from the threat of “zombies,” computers that are
infected with malicious code so they can be controlled remotely by
other people for illegal purposes. Through technological trickery,
criminals can use these unconscious accomplices to send illegal spam,
launch phishing campaigns to steal personal information, attack Web
sites and computers, or engage in other illegal activity.
Unlike the zombies of B-movie imagination, which are easily
identifiable by their typically gruesome appearance and menacing
groans, zombie computers are silent stalkers. People who use the
Internet may never know that their computers have been compromised and
turned into a conduit for sending millions of pieces of illegal spam or
facilitating other illegal activity. More than half of all spam is sent
through infected computers, according to industry reports. (A graphical explanation of how zombies operate is available.)
To combat the zombie threat, Microsoft today revealed some of the
technological and legal maneuvers it has used to unmask the individuals
using several zombies to send spam. Microsoft investigators
intentionally created a zombie computer, quarantined it to prevent it
from actually sending spam messages, then carefully watched it for 20
days while investigators tracked and traced all Internet communications
through the infected computer.
The statistics the investigators compiled were staggering. In less
than three weeks, this single zombie received 5 million connection
requests from spammers and 18 million spam messages advertising more
than 13,000 individual Web sites. Evidence gathered in this exercise
contributed to a lawsuit that has now identified 13 different spamming
operations.