Sophos Launches Zombie-Seeking Service

The growing number of compromised computers known as “zombies,” as well as the growing danger these hijacked systems and networks can bring, have prompted anti-virus company Sophos to provide a service that finds the often quiet, malicious code.

Experts agreed that zombies, which are typically ceded to attackers through software programs such as Trojans, are a growing issue and are adding to spam, denial of service and other attacks and illegal money-making schemes.

Sophos senior security analyst Gregg Mastoras told TechNewsWorld that not only are consumer broadband connections being turned into zombies, but attackers are increasingly looking at governmental, educational and enterprise organizations to spread spam, steal information and stain reputations.

“Organizations and institutions have clearly become compromised,” Mastoras said. “We tend to see these organizations with less controlled networks [targeted]. Government and institutional organizations, which may have less control over the network than they think, are an appealing target to virus writers. There’s much bigger potential to use these and spread more spam.”

Zombies Get Smarter

Mastoras reported that Sophos research indicated half of all spam on the Internet was coming from zombie machines, which are typically compromised surreptitiously by attackers through Trojans, viruses or other malicious software.

“If 50 percent is coming from zombies, you have to believe it’s not just consumers anymore,” he said, referring to daily copies of spam originating from zombies that are non-consumer systems or networks.

Mastoras said the compromised computers, which maintain low levels of activity to avoid detection, can do serious damage to brand and reputation by sending spam using a company’s IP address and name.

“If there is pornography or something offensive to the one who gets it, that has the potential to get your brand or reputation damaged,” Mastoras said.

Other dangers from zombies, which are collected among competitive attackers seeking larger numbers of systems, include: increasing the likelihood of more attacks; getting blacklisted as a spammer and blocked from recipients; and information and identity theft.

Quietly Growing in Number

Mastoras, who said there has been an alarming increase in the number of keylogging Trojans that steal passwords or other data, said that the number of viruses Sophos protects against has grown 59 percent in the last year.

He added that the time to infection for unprotected machines is also up, but most users are unaware their machines are being used for spam or other attacks and illegal activities.

“It’s really about being quite discreet and looking for financial gain,” he said. “We don’t see [high-profile] virus outbreaks coming. We expect the volume [of viruses and zombies] will be up and the danger will be up.”

Source Codes Increasing

Ken Dunham, senior engineer for the Verisign/iDefense research team, told TechNewsWorld zombies are an increasing problem and have the potential for a variety of bad things.

“There have been estimates that there are over one million new zombies every month,” Dunham said. “I wouldn’t be surprised if that’s accurate.”

Dunham — who indicated zombies can be used for spreading spam, stealing information, industrial espionage, money laundering and denial of service attacks or threats — credited the growing number of zombies to communication, copying and cooperation among attackers.

“There’s a huge number of source codes available on the Internet to attackers,” he said. “They’re easy, they’re opportunistic and they can be used for a variety of things.”
