Microsoft Logs 5 Million Illegal Commands to One Quarantined Zombie Computer
WASHINGTON, Oct. 27 /PRNewswire-FirstCall/ -- What evil haunts your
computer? Internet users beware: Zombies are among us.
(Logo: http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO )
Timing their effort to coincide with national Cyber Security Awareness
Month and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action
and Microsoft Corp. (Nasdaq: MSFT) are urging consumers to protect themselves
from the threat of "zombies," computers that are infected with malicious code
so they can be controlled remotely by other people for illegal purposes.
Through technological trickery, criminals can use these unconscious
accomplices to send illegal spam, launch phishing campaigns to steal personal
information, attack Web sites and computers, or engage in other illegal
activity.
Unlike the zombies of B-movie imagination, which are easily identifiable
by their typically gruesome appearance and menacing groans, zombie computers
are silent stalkers. People who use the Internet may never know that their
computers have been compromised and turned into a conduit for sending millions
of pieces of illegal spam or facilitating other illegal activity. More than
half of all spam is sent through infected computers, according to industry
reports. (A graphical explanation of how zombies operate is available at
http://www.microsoft.com/presspass/features/2005/oct05/10-27Zombie.mspx.)
To combat the zombie threat, Microsoft today revealed some of the
technological and legal maneuvers it has used to unmask the individuals using
several zombies to send spam. Microsoft investigators intentionally created a
zombie computer, quarantined it to prevent it from actually sending spam
messages, then carefully watched it for 20 days while investigators tracked
and traced all Internet communications through the infected computer.
The statistics the investigators compiled were staggering. In less than
three weeks, this single zombie received 5 million connection requests from
spammers and 18 million spam messages advertising more than 13,000 individual
Web sites. Evidence gathered in this exercise contributed to a lawsuit that
has now identified 13 different spamming operations.
"The widespread use of zombie computers to commit crimes over the Internet
presents a very real danger to law-abiding computer users," said Tim Cranton,
director of Internet Safety Enforcement Programs at Microsoft. "This is
precisely why Microsoft initiated this investigation into zombies and took
legal action. As a result, we have identified more than a dozen spamming
operations exploiting zombie networks to send millions of illegal spam
messages. We will continue our investigations and will maintain a steady,
concerted effort to identify and target criminals to help make the Internet
safer."
The FTC, a federal consumer-protection agency on the forefront of the
fight against cybercrime, has also intensified its efforts against zombies.
Its "Operation Spam Zombies" with 35 government partners from more than
20 countries encourages Internet service providers (ISPs) to take
zombie-prevention measures. The goal is to identify spam zombies and urge the
providers that are hosting them to implement corrective measures. This month
the FTC also launched OnGuardOnline.gov, a Web site that provides tips,
articles and videos for computer users to help protect themselves and their
information from online threats.
"Many computer users do not realize that hackers are using their machines
to send bulk e-mails by the millions," said Lydia Parnes, director of the
Bureau of Consumer Protection at the FTC. "We are pleased that industry
leaders are stepping up their efforts to protect computer users from costly,
annoying and intrusive spam zombies."
Other than sometimes creating extremely sluggish Internet connections and
dramatically slowing overall computer performance, zombie computers show few
recognizable signs of their infection. It has become increasingly important
for computer users to protect their systems to every extent possible.
Ken McEldowney, executive director of Consumer Action, said people can
take steps to protect themselves, but that raising awareness of the threat of
zombies is a first step.
"You can learn how to protect yourself from these insidious threats,"
McEldowney said. "We always stress safety around Halloween. This October, we
want to emphasize online safety, too. There are some simple things people can
do to help protect their computers, and we're encouraging people to take those
steps."
Internet users should follow these steps to prevent their computers from
becoming zombies:
-- Use a firewall to help protect their computer from hacking attacks
while it is connected to the Internet
-- Get computer security updates or use the Automatic Updates feature to
help shield their computer from viruses, worms and other threats
-- Use up-to-date anti-virus software to help protect themselves from new
threats
-- Get anti-spyware software, and beware of trickery to get them to
download and install unwanted and sometimes destructive software, such
as music or file-sharing programs and free games
-- Be cautious about opening any attachment or downloading files, and
never open attachments from people they do not know
Computer users can find more online tips to better protect their computers
at the FTC's Web site http://OnGuardOnline.gov and at
http://www.microsoft.com/athome/security.
About the Federal Trade Commission
The FTC works for the consumer to prevent fraudulent, deceptive, and
unfair business practices in the marketplace and to provide information to
help consumers spot, stop, and avoid them. To file a complaint in English or
Spanish (bilingual counselors are available to take complaints), or to get
free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP
(1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC
enters Internet, telemarketing, identity theft, and other fraud-related
complaints into Consumer Sentinel, a secure, online database available to
hundreds of civil and criminal law enforcement agencies in the U.S. and
abroad.
About Consumer Action
Consumer Action (http://www.consumer-action.org) is a non-profit, membership-
based organization that was founded in San Francisco in 1971. Since then,
Consumer Action has continued to serve consumers nationwide by advancing
consumer rights, referring consumers to complaint-handling agencies through
our free hotline, publishing educational materials in Chinese, English,
Korean, Spanish, Vietnamese and other languages, advocating for consumers in
the media and before lawmakers, and comparing prices on credit cards, bank
accounts, and long distance services.
About Microsoft
Founded in 1975, Microsoft is the worldwide leader in software, services
and solutions that help people and businesses realize their full potential.
NOTE: Microsoft is a registered trademark of Microsoft Corp. in the
United States and/or other countries. The names of actual companies and
products mentioned herein may be the trademarks of their respective owners.
SOURCE Microsoft Corp.
 back to top
Related links:
http://www.microsoft.com
Photo Notes:
NewsCom:
http://www.newscom.com/cgi-bin/prnh/20000822/MSFTLOGO
AP Archive: http://photoarchive.ap.org
PRN Photo Desk, photodesk@prnewswire.com
CONTACT:
press only, Claudia Farrell of Federal Trade
Commission, +1-202-326-2181; or Linda Sherry of Consumer Action,
+1-202-544-3088; or Mike Wussow, +1-425-638-7000, or
mikew@WaggenerEdstrom.com, or Rapid Response Team,
+1-503-443-7070, rrt@WaggenerEdstrom.com, both of Waggener
Edstrom Worldwide for Microsoft
NOTE TO EDITORS: If you are interested in viewing additional
information on Microsoft, please visit the Microsoft(R) Web page
at http://www.microsoft.com/presspass on Microsoft's corporate
information pages. Web links, telephone numbers and titles were
correct at time of publication, but may since have changed. For
additional assistance, journalists and analysts may contact
Microsoft's Rapid Response Team or other appropriate contacts
listed at http://www.microsoft.com/presspass/contactpr.mspx.
|
