Microsoft, the U.S. Federal Trade Commission (FTC) and Consumer Action, a public watchdog and education group, have launched a campaign aimed at helping consumers prevent their computers from getting turned into zombies.
Timed to coincide with National Cyber Security Awareness Month and Halloween on Oct. 31, the “Don’t Get Tricked on Halloween” campaign aims to alert computer users to the threat of zombie computers and how to protect against malicious code.
“The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible,” said Tim Cranton, director of Microsoft’s Internet Safety Enforcement programmes.
Microsoft warned that the number of zombie PCs has rocketed over recent months with the illegal spam sent by these compromised computers now accounting for more than half of all spam. In addition, the software giant pointed out that computer criminals can use zombie computers to launch phishing attacks that try to steal personal information, such as Social Security and credit-card numbers.
As more people sign up for high-speed internet connections at home, computer criminals have set their sights on a growing population of potential zombies that never sleep. “High-speed connections are an extremely convenient and powerful way to access the Internet, but people need to realize that their connections don’t turn off when they walk away from their computers,” said Aaron Kornblum, Microsoft’s Internet Safety Enforcement attorney.
In less than three weeks, a single malware infected PC that Microsoft attached to the internet as an experiment was found to have received more than 5m requests to send 18m spam emails. These requests contained advertisements for more than 13,000 unique domains, Cranton said, adding that researchers quarantined the zombie machine, preventing it from sending any spam onto the public internet.
“We were startled by the quantity of data directed at this single machine,” added Kornblum, who helped lead the zombie investigation. “Even a lone spam zombie can spew huge volumes of illegal e-mail across the Internet.”
According to Microsoft, its zombie investigation has given it fresh insight into how it, as a technology developer and email provider, can fight spam and zombies, as well as how to fight the creators of zombies in court.
“By inserting ourselves in the spammers’ path and looking upstream, we have been able to see things we have never been able to see before,” Cranton said.
Specifically, Microsoft was able to uncover the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the websites advertised in the spam.