One might not associate sophisticated crimes such as mass spamming, dedicated denial of service (DDOS) attacks, or identity theft with a mindless zombie, but the computer variety of the monsters in compromised PC form are doing all of that and more.
In response to the threat, Microsoft, the Federal Trade Commission and Consumer Action have unveiled a zombie-hunting plan, advancing public education efforts to coincide with the Halloween season.
Dubbed “Don’t Get Tricked on Halloween”, the campaign seeks to alert users to the threat of these zombie machines — which are amassed by spammers, phishers, child porn peddlers and other criminals — and to provide them information on how to protect their PCs.
Microsoft also announced legal action targeting illegal email operations that connect to zombie computers to send spam.
Microsoft indicated that, although they can be extremely disruptive to personal computing and the Internet in general, zombies are often silent in their malicious deeds, with many users unaware they have been compromised.
As companies and government have converged on ways to protect consumer and business computers, the software giant said, computer criminals have turned their attention to creating zombies, tricking users into loading malicious code via email attachments, music, video or other files.
“The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible,” said a statement from Microsoft Internet Safety Enforcement programs director Tim Cranton.
Officials, who expressed concern over the rising number of zombie efforts on the Internet, said they would provide consumers and businesses tips on how to avoid being compromised, including use of a firewall, regular security and other updates, antivirus software, anti-spyware, and information about the social engineering tricks used by attackers to get their infected PC treats.
Microsoft indicated that an investigation into zombies and experimentation led researchers to believe that the zombie problem is even worse than thought, even though Sophos and others have highlighted the trend.
“By inserting ourselves in the spammers’ path and looking upstream, we have been able to see things we have never been able to see before,” Cranton said.
Maurene Caplan-Grey, principal analyst and founder of Grey Consulting, told TechNewsWorld that zombies have provided spammers an easier way to send the unsolicited email.
“That just becomes a more effective way of sending spam, a cheaper way,” she said.
Grey indicated that a good portion of the world’s spam is flowing through compromised, zombie computers, much of it originating in the United States, which was recently named the top spamming nation by Sophos, in large part because of zombies.
Technology and Training
iDefense/VeriSign Senior Engineer Ken Dunham told TechNewsWorld there are two basic ways to deal with computer crime issues: technology and training. He said the Microsoft-FTC effort against zombies may help, but only if combined with the other components.
“Certainly, we need awareness, but we need improved technology and training, too,” he said. “Then it may put a dent in it.”
Calling zombies one of the largest growing types of computer security threats, Dunham added that technically developing nations and an increase in novice users across the globe are providing fertile ground for zombies.
“We’re seeing massive growth in highly connected countries, where there is high bandwidth and low resource requirements to get online,” he said. “That’s the perfect haven for zombies.”