
technofile
Al Fasoldt's reviews and commentaries, continuously available online since 1983

A single infected 'zombie' PC relays 18 million pieces of spam in 20 days, Microsoft's own study shows
Microsoft official astonished; Apple's computers not affected.


Nov. 6, 2005


By Al Fasoldt
Copyright © 2005, Al Fasoldt
Copyright © 2005, The Post-Standard

   How low will spammers go? The latest findings of a Microsoft research project confirm that spammers are routinely hijacking PCs in order to use them as spam relays on a scale that is almost unimaginable.
   Microsoft monitored the activities of a standard Windows XP computer that had an always-on connection to the Internet. The PC was quickly taken over by zombies -- virus-like invaders sent out by spammers. Microsoft found that the zombies then contacted remote computers to inform them that the PC was available as a relay. Over a 20-day period that single PC received 5 million "pings," or hits, from other PCs seeking to connect to it, Microsoft says.
   The company monitored outgoing traffic, too, and discovered that this single PC processed 18 million spam e-mails in that period. (Microsoft blocked all the spam the PC tried to send.)
   "The numbers were astonishing -- much higher than we expected," said Microsoft attorney Tim Cranton, who heads Microsoft's Internet Safety Enforcement Team.
   Although spam often seems untraceable -- return addresses on spam e-mails are nearly always faked -- Microsoft was able to uncover the activities of 13 large-scale spam operations in its analysis of the zombie PC. In August, the company filed suit against the spammers it was tracking, without naming names. Microsoft hopes to turn up the identities of the spammers in a few months.
   Sophos, a security firm, estimates that half of all spam originates from zombie PCs. A conservative estimate by MessageLabs, an e-mail tracking company, says half of all e-mail is spam; others who track spam say the number is as high as 75 percent. At least 60 billion e-mails are sent each day. These numbers put the amount of zombie-generated spam at 15 billion pieces a day or more.
   Zombies take advantage of lax security in Windows PCs by infecting PCs through malicious e-mail attachments and through direct attack across the Internet. After they burrow into the computer, each zombie sets up a slave server within the PC that receives instructions from its master computer. Each zombie server -- an infected PC can have many running at the same time -- can relay spam, viruses and spyware to other computers while the PC is unattended.
   Zombies are able to set up their own server schedules by making use of a little-known function in modern computers that can turn them on at any time, even if they had been turned off completely. This allows zombies to monitor the behavior of the PC and schedule their relays at times when the PC is usually idle, such as during daytime hours when users are at school or work or nighttime hours when everyone is asleep.
   Zombies steal e-mail addresses from Windows PCs and use those addresses as the spoofed, or faked, source of everything they relay. Mail servers that are trying to block malicious e-mail often compound the problem by firing off notices to the "senders" of such mail telling them their letters were flagged as spam or viruses. Because these "senders" are innocent dupes, such warnings simply confuse the victims of this sort of identity theft.
   Blocking zombies is very difficult. The U.S. Federal Trade Commission and 35 other international agencies have been working to get Internet Service Providers (ISPs) to help block the flood of zombie-generated mail. In an effort called "Operation Spam Zombies," the FTC and its partners are urging more than 3,000 ISPs around the world to cut off network activities typical of zombie PCs. This would keep them from acting as mail servers, for example.
   In your home or small office, you can take five steps:
   1. Install a firewall. Buy a router with a built-in firewall (ask for help at a computer store) if you have a cable or other broadband connection. Use a software firewall otherwise. Windows XP has one built in; make sure you have it turned on. You can buy software firewalls that are better than the one in Windows, too.
   2. Never open attachments you didn't ask for. This rule is 100 percent effective. Make sure others in your family understand it, too. When you receive attachments you didn't ask for, even if they seem to be OK and seem to come from someone you know, delete the entire message. Call the person who seems to have sent the attachment (don't write -- it could be a spoofed mail, and you'd simply get infected by responding) and explain your family policy.
   3. If you use Windows, keep your anti-virus software up to date.
   4. Never plug your computer directly into a wall socket. Always plug it into a switched power strip. After you shut the computer off, turn off the power at the power strip. This prevents zombies from turning on the PC without your knowledge.
   5. Consider switching to an Apple Macintosh. Apple's computers are not vulnerable to zombies.