FTC goes on zombie-killing spree

The US Federal Trade Commission (FTC) has demanded that ISPs around the world get tough on PCs that have been hijacked to act as spam relays - if necessary cutting their connection to the Internet.

The radical stance is part of the "Operation Spam Zombies" initiative being coordinated by the organisation in conjunction with 35 bodies around the world, including, prominently, the London Action Plan.

The FTC makes a number of recommendations in its written appeal to be sent to ISPs, including investigating when a PC is sending unusual amounts of e-mail with a view to "quarantining" the computer if is found to be non-legitimate. Other suggestions include implementing Port 25 blocking as standard, whereby all e-mail has to go through the ISP’s mail server - where it can be filtered - before it can be forwarded to its recipient, as well as implementing rate-limiting schemes on relay traffic.

ISPs are also urged to more to educate users as to how they can stop their PCs becoming hijacked in the first place, if necessary by providing some of the tools to remove zombies from PCs.

"We are developing a plan for identifying the IP numbers of likely spam zombies around the world, as well as the ISPs and other providers of Internet connectivity that appear to be responsible for the affected IP numbers," says letter to ISPs.

"That analysis will be based on publicly compiled information such as spam databases and WHOIS databases. We plan to contact those providers of Internet connectivity associated with IP numbers used by possible spam zombies," it continues.

It is hoped the scheme will work through gentle pressure alone. If an ISPs if found to have a particular problem with relays, then it will be informed by one of the organisations signing up to Operation Spam Zombie.

The anti-zombie campaign comes after two previous FTC initiatives, "Operation Secure Your Server" of 2004, and "Open Relays" of 2003. The recommendations are sensible, but like so many things in the ISP universe are likely to take time to filter through. An industry that functions on a complex web of self-regulation and best practise, many ISPs will reply that they already meet some of the requirements of Operation Spam Zombie.

Despite this, zombies are still a problem, so the bigger issue could be how to force or persuade the less well regulated fringes to behave responsibly.

This story, "FTC goes on zombie-killing spree" was originally published by Techworld.com.

Copyright © 2005 IDG Communications, Inc.

Shop Tech Products at Amazon