Zombie Computers Clog the Web with Spam

What's the Source of All That Spam? It Could Be You

Email inboxes are being clogged with what seems like a huge increase in unwanted spam messages. Consumers may wonder where all these messages could be coming from. In truth, they most likely are coming from other consumers' computers -- maybe even their own.

"Many computer users do not realize that hackers are using their machines to send bulk e-mails by the millions," said Lydia Parnes, Director of Consumer Protection at the Federal Trade Commission.

When a hacker hijacks a PC, it becomes what is known as a "zombie computer," meaning it operates at the will of the hacker, who assumes control by downloading malicious code onto it. The scope of the problem was illustrated in late 2005 when Microsoft engineers, working in a lab, set out to create their own zombie computer. It was frighteningly easy.

The investigators began by placing a single copy of malicious code onto a healthy computer and then connecting the computer to the Internet. Almost immediately, the researchers noticed the first rumblings of life.

The infected computer sent an alert with its Internet location and hijack status to a distant server.

Then, connection requests from hundreds of Internet Protocol (IP) addresses poured into the machine, commanding the infected computer to distribute millions of illegal spam e-mails. Those are the same spam emails that arrive in your inbox daily, with real people's names attached to them.

Of course, the people who sent you the email are clueless. As more consumers sign up for high-speed Internet connections at home, computer criminals have set their sights on the consumers' computers, a growing population of potential zombies that never sleep.

"High-speed connections are an extremely convenient and powerful way to access the Internet, but people need to realize that their connections don't turn off when they walk away from their computers," says Aaron Kornblum, Microsoft's Internet-safety enforcement attorney.

In less than three weeks, the Microsoft lab's zombie computer received more than five million requests to send 18 million spam e-mails. These requests contained advertisements for more than 13,000 unique domains.

"We were startled by the quantity of data directed at this single machine," said Kornblum, who helped lead the zombie investigation. "Even a lone spam zombie can spew huge volumes of illegal e-mail across the Internet."

"The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible," said Tim Cranton, director of Microsoft's Internet Safety Enforcement programs.

Microsoft has been doing that, using some reverse engineering to go looking for the real source of the spam, the server controlling the zombies. By inserting themselves in the spammers' path and looking upstream, they say they have been able to see things they've never been able to see before.

Specifically, they uncovered the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the Web sites advertised in the spam. By the end of last month Microsoft had initiated 129 lawsuits in Europe, the Middle East, and North America.

But as your bulging inbox reveals, the problem is far from solved. That's partly because of the lack of awareness on the part of computer users that they could be contributing to the tidal wave of spam.

"Other than sometimes creating extremely sluggish Internet connections and dramatically slowing overall computer performance, zombie computers show few recognizable signs of their infection," Parnes said. "It has become increasingly important for computer users to protect their systems to every extent possible."

How do you prevent your computer from becoming a zombie? Government and industry experts offer these tips:

• Use a firewall to protect computers from hacking attacks while connected to the Internet.

• Get computer security updates or use the automatic updating features to shield computers from viruses, worms and other threats.

• Use up-to-date anti-virus software to help protect against the latest threats.

• Get anti-spyware software and beware of tricks designed to get people to download and install unwanted and sometimes destructive software. This software is sometimes distributed in non-commercial music downloads, file-sharing programs and free games.

• Be cautious about opening any attachment or downloading any files in e-mails from unknown senders.

SophosLabs, the British-based IT security firm, estimates that more than 50 percent of all spam today originates from zombie computers. It notes that in May 2006, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect and hijack computers around the world, programming them to spew out German nationalistic spam during an election.

As spammers become more aggressive -- collaborating with virus writers to create armies of zombie computers -- the company warns the problem will only intensify. Large companies and institutions with large computer networks will be the next targets.

Already, it says, legitimate organizations with hijacked computers are being identified as a source of spam.

This not only harms the organization's reputation, but can also cause the company's email to be blocked by others. A bigger problem is the quantum jump in spam generation, meaning there may be no way to reduce the amount of spam hitting your inbox until someone comes up with a magic bullet that will kill these zombies.
