
Slaying spam-spewing zombie PC

Spammers are teaming with hackers and virus writers to create zombie PCs. Here's how to wake yours from the dead.

By Tom Spring, PC World
June 28, 2005 02:41 PM ET


Tip of the Month

Have you been labeled a spammer? You may be able to find out. First determine what your Internet Protocol (IP) address is by using a site like WhatIsMyIP.com. Next, punch your IP address (or your domain name, for business users) into DNSstuff's Spam Database Lookup site to see a list of antispam companies that recommend blocking your e-mail. Keep in mind that a listing flags the address, not you personally: it usually means that a machine behind that address, or an earlier holder of a dynamically assigned address, has been caught sending spam.
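The lookup sites in the tip are front ends for DNS-based blocklists (DNSBLs), which anyone can query directly: reverse the octets of the IPv4 address, append the blocklist's zone, and resolve the name. The following is an added example, not code from the article or from DNSstuff; the Spamhaus zone name is used for illustration, and the resolver is injectable so the script runs offline against constructed answers.

```python
import ipaddress
import socket

# Zone assumed for illustration; the tip's lookup page queries many such
# zones at once, and each is published over DNS in exactly this form.
DEFAULT_ZONE = "zen.spamhaus.org"


def dnsbl_query_name(ip: str, zone: str = DEFAULT_ZONE) -> str:
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone.

    192.0.2.1 checked against zen.spamhaus.org becomes
    1.2.0.192.zen.spamhaus.org.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def check_dnsbl(ip: str, zone: str = DEFAULT_ZONE, resolve=socket.gethostbyname):
    """Return the listing code (a 127.0.0.x answer) or None if not listed.

    A DNSBL answers a listed address with an A record in 127.0.0.0/8 and
    NXDOMAIN (raised here as socket.gaierror) for an unlisted one.  The
    meaning of the low octet is zone-specific.  `resolve` is injectable so
    the lookup can be exercised without network access.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        answer = resolve(name)
    except socket.gaierror:
        return None
    return answer


def make_fake_resolver(listed: dict):
    """Constructed stand-in for DNS: answers from a dict, NXDOMAIN otherwise."""
    def resolve(name: str) -> str:
        if name in listed:
            return listed[name]
        raise socket.gaierror(-2, "Name or service not known")
    return resolve


if __name__ == "__main__":
    # Constructed data: 127.0.0.2 is the conventional "always listed" test
    # address most DNSBLs publish; 192.0.2.1 is documentation address space.
    fake = make_fake_resolver({
        dnsbl_query_name("127.0.0.2"): "127.0.0.2",
    })
    for ip in ("127.0.0.2", "192.0.2.1"):
        code = check_dnsbl(ip, resolve=fake)
        print(ip, "listed, code" if code else "not listed", code or "")
```

To query a real zone, call `check_dnsbl` without the `resolve` argument. Read the zone's documentation before acting on a code: Spamhaus, for example, reserves 127.255.255.0/24 for error replies such as queries arriving from open public resolvers, which are not listings.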


If you think spam hawking Viagra, pirated Microsoft software, and get-rich-quick schemes is sent by lowlifes and their evil spam-spewing computers, you're wrong. Today, more than 80 percent of all spam worldwide comes from zombie PCs owned by businesses, universities, and average computer owners, says MessageLabs, an e-mail security service provider.

Zombie PCs are computers that have been infected by malicious code that lets an outsider control them remotely; spammers use that control to relay e-mail through them. The use of zombies by spammers and hackers isn't new, but, according to experts, the practice has become more organized and more profitable over the past year.

"A new underground economy is evolving," says Gregg Mastoras, a senior security analyst at the security firm Sophos.

Sophos estimates that about 50 percent of spam currently originates from zombie PCs, a 25 percent increase over the past year. Although Sophos's estimate is lower than MessageLabs's, the growth in the number of zombie attacks is alarming.

What's causing the increase? New antispam laws and better spam filters have made it harder to send junk e-mail, so spammers are looking for new and more creative ways to send their messages, Mastoras says. And many of these spammers have found help from what once would have been an unlikely source: hackers and virus writers.

Mastoras says spammers are hiring virus writers and hackers to help them create armies of zombie PCs to send spam. These once-disparate groups are working together, forming their own online axis of evil.

By routing their e-mail through zombie computers, spammers avoid paying for the bandwidth they'd need to send out millions of messages. Using zombies also hides the true origin of the messages, making it more difficult for law enforcement officials to find the senders. These zombie networks are often used to launch denial-of-service attacks as well.

Zombie Hunt

As a test, I traced the origins of some of the worst spam messages I've received over a one-week period to find out whether the messages were likely sent through zombies. As it turns out, many of the messages I received could be traced back to respectable businesses and universities - unwitting pawns in the spam deluge.

For example, I traced an e-mail pitching pirated Microsoft software back to a financial planning firm in Manhattan. There was no obvious way to tell that the message had originated from a computer at the firm. It had a nonfunctioning return e-mail address, and it never mentioned the company in question. But every mail server that handles a message stamps it with a Received header recording the IP address of the machine that handed it over, and the stamp added by the recipient's own server is beyond the sender's reach to forge, so I used that address to trace the pitch for pirated software back to a computer at the firm.
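Doing the same trace by hand means reading the Received headers from the top down and trusting only the one your own mail server wrote. The script below is an added example, not the article's method or any product's code; the message, the host names (example.* domains) and the addresses (documentation ranges) are all constructed for the demonstration.

```python
import email
import re
from typing import List, Optional

# A bracketed IPv4 literal as mail servers write it in Received headers.
IPV4_LITERAL = r"\[(\d{1,3}(?:\.\d{1,3}){3})\]"

# Constructed sample, laid out the way the recipient's server sees it: the
# topmost Received header is the one our own MX added on delivery; the one
# below it arrived inside the message and could have been written by anyone.
SAMPLE = """\
Received: from mail.fin-planning.example (mail.fin-planning.example [203.0.113.45])
        by mx1.pcworld.example with ESMTP id j5SEC1x9012345
        for <tom@pcworld.example>; Tue, 28 Jun 2005 10:12:01 -0400
Received: from smtp.bogus.example [198.51.100.7]
        by mail.fin-planning.example with SMTP; Tue, 28 Jun 2005 10:11:55 -0400
From: "Software Deals" <sales@nowhere.example>
To: tom@pcworld.example
Subject: Genuine Microsoft software, 90% off

Limited time offer.
"""


def received_hops(raw: str) -> List[dict]:
    """Parse each Received header (topmost first) into who handed the
    message to whom.  'helo' is the name the connecting host announced;
    'ip' is the address the receiving server actually observed."""
    msg = email.message_from_string(raw)
    hops = []
    for header in msg.get_all("Received") or []:
        text = " ".join(header.split())  # unfold continuation lines
        m_from = re.search(r"\bfrom\s+(\S+)[^\]]*" + IPV4_LITERAL, text)
        m_by = re.search(r"\bby\s+(\S+)", text)
        hops.append({
            "helo": m_from.group(1) if m_from else None,
            "ip": m_from.group(2) if m_from else None,
            "by": m_by.group(1) if m_by else None,
        })
    return hops


def origin_ip(raw: str, our_mx: str) -> Optional[str]:
    """The address we can vouch for: the 'from [ip]' in the first Received
    header stamped by our own server.  Everything beneath it is hearsay."""
    for hop in received_hops(raw):
        if hop["by"] == our_mx:
            return hop["ip"]
    return None


if __name__ == "__main__":
    our_mx = "mx1.pcworld.example"  # assumed name of the recipient's server
    for i, hop in enumerate(received_hops(SAMPLE)):
        trust = "stamped by our MX" if hop["by"] == our_mx else "unverified"
        print(f"hop {i}: {hop['ip']} ({hop['helo']}) -> {hop['by']}  [{trust}]")
    print("origin we can vouch for:", origin_ip(SAMPLE, our_mx))
```

The second hop in the sample, attributed to 198.51.100.7, is exactly the kind of line a spammer adds to point investigators elsewhere; only 203.0.113.45, the address mx1 saw on the wire, is evidence. If your mail passes through more than one of your own relays, pass the name of the internet-facing one as `our_mx`.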
