The average number of new computer zombies created each day in May increased almost 10 percent from April, according to a report released Thursday.
Zombies are personal computers controlled remotely by hackers. An average of 172,000 computer users lose control of their machines each day, according to a report by anti-spam company CipherTrust.
“The more machines you have under your control, the more quickly you can find and infect other machines,” said Dmitiri Alperovitch, a research engineer at CipherTrust.
The zombie computers can be made to attack web servers, collect personal information, or send spam emails.
The U.S. Federal Trade Commission went on the zombie warpath Tuesday, announcing a campaign to educate Internet Service Providers (ISPs) on anti-zombie techniques.
The commission has called on more than 3,000 ISPs to limit the rate at which emails may be sent and be vigilant for users who send abnormal amounts of emails. It has also asked ISPs to help their customers understand the threats and to provide them with zombie-killing software upon request.
“You’re not solving the entire problem,” said Mr. Alperovitch. “You’re not putting the criminals in jail, but if you take their tools away by cutting the number of zombies by a significant amount, it will make it more difficult for them to do their business.”
No doubt, “Operation Spam Zombies” will get more attention than “Operation Secure Your Server” did in 2004, or the FTC’s 2003 campaign against “open relays.”
The dangerous thing about computer zombies is not so much the spam they send, as the anonymous platform they create for doing other bad things.
Many companies have cropped up to solve the spam problem. Ciphertrust, IronPort, and Symantec each sell network appliances for keeping spam off of desktops. Other companies, such as Postini, will filter your mail remotely, as a service. Still other companies will sell software for reducing spam.
SymantecCounter ThreatsFewer companies exist to take the pain out of other zombie-related threats.
Take the Distributed Denial of Services attack, often called a DDoS attack, for example. The attacker uses the zombie computers he or she controls to send and request information from a single web site or web server. The attack is like getting bludgeoned to death by a hundred-thousand small, repeated pokes.
One of the companies fighting this threat is Prolexic Technologies. The company offers a managed service designed to intercept these attacks upstream from customers and clean the data traffic to eliminate network downtime. The company, based in Hollywood, Florida, employs 20 and was founded in 2003. So far, it has raised $1.75 million from its angel investors, and it is profitable.
Using another person’s computer to do bad things makes it hard for law enforcement to trace and track Internet attackers. This is especially important as attackers use zombies to commit fraud.
“Spam is a huge nuisance, but as an individual, you’re not losing money,” said Mr. Alperovitch, “Now, virtually all phishing attacks come from Zombies.”