
Largest ISPs Attack 'Zombies'
2004-06-23 11:00

http://www.washingtonpost.com/wp-dyn/articles/A61759-2004Jun22.html

By Jonathan Krim
Washington Post Staff Writer
June 23, 2004

The country's largest e-mail account providers called yesterday for a worldwide industry assault on "zombies," personal computers that have been unwittingly commandeered by spammers and used to send out unwanted e-mail and malicious programs.

The Anti-Spam Technical Alliance, which includes America Online Inc., Yahoo Inc., Microsoft Corp. and EarthLink Inc., urged all Internet providers to police their networks more aggressively and cut off machines suspected of being launching pads for spam.

By some estimates, hundreds of thousands of computers around the world have been infected with software that lets them be used without their owners' knowledge. Such machines now account for as much as 40 percent of all spam.

Large Internet providers typically monitor traffic on their networks and pinpoint machines that are sending out inordinate amounts of e-mail. When such machines are found, some Internet providers block their Internet access until their owners come forward, at which point they are given help to remove the software code used by the spammers before being reconnected.

The zombie problem, said representatives of the group, is going largely unchecked because other Internet providers are not taking such action.

"We're throwing the gauntlet down," said Ken Hickman, senior mail director at Yahoo. "We're saying, 'Hey, secure your networks.' "

The proposal suggests that Internet providers that are quarantining zombies might reject all mail from networks that are not doing so.

"If the ISP does not reasonably control abusive traffic, it is at risk of being blocked by other ISPs," said the group's report.

"These machines are a security risk," added Brian Sullivan, senior technical director of mail operations at AOL.

Mike Jackman, executive director of the California ISP Association, responded that smaller Internet providers generally do watch their networks closely and act when they see zombies.

"They are doing it because it's in their interest to do it," Jackman said. Spammers "are eating up bandwidth."

Jeffrey Sullivan, director of Verizon Communications Inc.'s Internet operations, said his company will not cut off a machine's Internet access until it has contacted the account owner. He said Verizon participated in the group's deliberations but is not a member.

The group, which also includes Comcast Corp. and British Telecom, said the industry should standardize several other practices, including making sure that spammers cannot automatically register for e-mail accounts without verifying their identities.

In addition, the group said, ISPs should not have servers -- computers that process mail -- that allow third parties to relay e-mail through them without being verified as legitimate account holders.

But the group was not yet ready with unified standards for verifying the identity of e-mail senders, which is one of the industry's biggest initiatives.

The four largest ISPs have been testing systems for authenticating senders to make it more difficult for spammers to disguise their identities and locations. The companies are working with Internet organizations that help develop technical specifications, and the process is likely to take until the end of the year.

In the meantime, the group urges ISPs to prevent people from sending mail until they have been deemed valid account holders. Usually, the report said, this can be done by requiring user names and passwords to be provided before users are allowed onto e-mail systems.

Anti-spam groups that have often been critical of ISPs for not being aggressive enough said the recommendations were hardly surprising.

"It's a codification of existing best practices rather than anything that's truly new," said John Mozena, executive director of the Coalition Against Unsolicited Commercial Email.

He said that while unplugging zombies is important, the system still depends on voluntary compliance. Mozena's group and others have sought legislation to allow consumers to hold network owners accountable for permitting spam.

