Sophos is hoping to free “hijacked” computers through a newly created alert service called Sophos ZombieAlert.
Zombie PCs take instructions from a malicious remote user and carries out those tasks unknown to the legitimate owner of the PC. It is estimated that thousands, maybe more, computers have been compromised by external parties, and then used for a variety of purposes, including sending of spam from the computer or launching email-based Denial-of-Service (DoS) attacks.
The service can spot “zombie computers” on a company network and advises service subscribers when any computer on their network is found to have sent spam to Sophos’s global network of spam traps. The illegitimate e-mails are traced back using their IP address.
ZombieAlert also provides rapid notification to customers if their internet protocol (IP) addresses are listed in public Domain Name Server Blackhole Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks, claimed Sophos.
The anti-virus firm estimates that more than 50% of all spam today originates from zombie computers. In May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect and hijack computers around the world, programming them to spew out German nationalistic spam during an election. As spammers become more aggressive – collaborating with virus writers to create armies of zombie computers – legitimate organisations with hijacked computers are being identified as a source of spam. This not only harms the organisation’s reputation, but can also cause the company’s e-mail to be blocked by others.
Sophos will initially offer the service to universities and ISPs that have lots of unregulated users.
“Aside from consumers, organisations such as educational institutions and governments probably face the greatest risk of becoming part of a zombie computer network because they have both remote and home users,” said Carole Theriault, security consultant at Sophos. “ZombieAlert never sleeps, providing round-the-clock surveillance of spam seen spreading across the internet, and determining its origin.”
The problem is equally as critical for internet service providers (ISPs), since consumers are also prominent targets. ISPs like AOL and others have shown up in various reports as having numerous zombie machines. Since the biggest networks have the most PCs on them, those networks suffer the greatest problems and the worst publicity from zombies.
ZombieAlert enables ISPs to identify and alert consumers to the threat while providing the opportunity to recommend that end users practice safe computing habits, the company said.
“Sophos’ global network of threat analysis centres is ideally positioned to advise on new and emerging threats, such as compromised computers spewing spam,” continued Theriault. “Once compromised computers have been identified by the service, we can help affected users remedy the situation, clean up their systems and fortify their defences against future attacks.”
David Ferris, a senior analyst at Ferris Research, said he expects other companies to offer a similar service soon. “Sophos is the first vendor we know of to offer an on-the-fly alert service that advises organisations that they are being used to host zombies. This service is unique and very timely. I would anticipate that competitors would soon follow suit,” Ferris said.
