FTC: Beware of 'zombies'

It's launching an awareness campaign aimed at ISPs

The U.S. Federal Trade Commission, in conjunction with regulatory bodies in about 30 countries, is about to launch an education campaign directed at Internet service providers (ISP). Its message? Zombies are out of control.

These "zombie" networks account for a large percentage of unsolicited e-mail being sent on the Internet, said Don Blumenthal, Internet lab coordinator at the FTC. "I've seen estimates that anywhere from 80% to 90% of the spam out there is processed through" zombie networks, he said. "It is certainly a critical problem."

Attackers use malicious software distributed over the Internet to gain control over unsecured PCs and servers. They then use these zombie systems to do things such as launch denial-of-service (DoS) attacks or send unsolicited e-mail, generally without the knowledge of the system's owner.

About 157,000 new zombies are identified each day, and much of the unwanted zombie activity is now coming from outside of the U.S., according to security company CipherTrust Inc.

The FTC will launch the campaign today in conjunction with many of the same agencies that participated in its "secure your server" antispam campaign last year, including agencies from Europe, Asia, and Latin America, Blumenthal said.

As part of the campaign, the FTC will send out letters to about 3,000 ISPs asking them to examine the flow of their network traffic in order to identify potential spammers and to prevent some users from setting up servers that use the Internet standard Port 25 number to identify themselves as e-mail servers.

The FTC has also entered into a six-month contract with ICG Inc. to help notify ISPs of potential spam problems on their networks, Blumenthal said. Starting in about a month, the Princeton, N.J.-based cyberinvestigation company will begin searching for the sources of unsolicited e-mail and notifying ISPs around the world of any problems that can be traced to their networks.

Many of the FTC's recommendations are already being implemented by ISPs, but the agencies involved would like to see them more widely adopted. Corporate e-mail administrators would benefit from adopting the techniques as well, Blumenthal said.

Blumenthal would not comment on what, if any, regulatory measures the FTC was considering to address the zombie problem. "This is an educational campaign, and that's really all it is," he said.

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon