ISPs urged to throttle spam zombies
International clean-up campaign
The US Federal Trade Commission (FTC), along with more than 35 government agencies worldwide, announced an ambitious effort on Tuesday to get ISPs and other organisations to deliver the net from the plague of zombie spam networks. The group is encouraging ISPs to identify and quarantine customers whose PCs may have unwittingly been turned into spam zombies, under the control of hackers.
ISPs are also being encouraged to apply rate-limiting controls for email relays and to block port 25 (a common Internet port used for email) for inappropriate use as part of an educational campaign called Operation Spam Zombies. ISPs are also being urged to educate consumers about net security and to provide tools to disinfect computers under one of the most ambitious net security education initiatives to date.
Trojans such as Phatbot are often used to seize control of Windows PCs, turning them into zombie clients in networks of compromised PCs (botnets). These botnets are used to send spam or as platforms for DDoS attacks, carrying out criminal attacks right under the noses of their rightful owners. The tactic allows hackers to offload the computing effort in sending spam while creating a means to get past basic junk mail filters. According to email security firm MX Logic shows that during April, on average zombie PCs accounted for 44 percent of all spam.
Steve Linford, director of anti-spam organisation Spamhaus, said the FTC's advice was basically common sense even though it was often ignored by ISPs who either didn't know how to apply controls or couldn't be bothered to carry out the work. "This is something we've been advocating for years but the addition of more voices can only help the message get through," he added.
The FTC is leading the publicity drive on Operation Spam Zombies because US ISPs are the main target audience of the campaign. UK groups like Spamhaus and government agencies like the DTI and OFT are also getting behind Operation Spam Zombie which was developed by members of the London Action Plan, an international network combating spam. ®
Sponsored: Becoming a Pragmatic Security Leader