A common axiom in the world of network security is that "the only way to truly protect your computer is to disconnect it from the Internet." In today's society, this is completely impractical. To test the ramifications of leaving a computer unprotected on the largest network in the world, the Internet, Microsoft ran an experiment and came up with some startling results.
As an experiment, Microsoft took an otherwise clean computer and allowed it to be turned into a "zombie". Over a three week period, they noted that this zombie received 5 million connection requests from spammers around the world. If this wasn't bad enough, from this one computer, over 18 million spam messages were sent on behalf of 13,000 individual websites. Again, this is from one computer.
For those unfamiliar with the term "zombie", it is borrowed from the monsters made famous in George Romero's horror films. A zombie is a computer that has been infected by a piece of malicious software such as a Trojan horse or another type of malware. Once infected, the machine carries out malicious tasks on behalf of the attacker, usually without its owner noticing anything wrong. Zombies can be used to bring down corporate networks and websites and to send mass amounts of spam to individual users.
Security experts suggest that the number of computers compromised by such malware is in the millions, and why not? Renting out a network of zombies, often called a botnet, can bring the owner $2,000 to $3,000 for 20,000 such machines. To combat this growing problem, computer users are turning to Internet Service Providers for an answer. Although many ISPs have tried educating customers on how to secure their computers, it is evident that this approach has not been all too successful. Paul Stamp of Forrester Research has gone on to say that if the hands-off approach continues, the Internet itself "would eventually grind to a halt." (ZDNet News, July 19, 2005)
To combat this, ISPs are looking at two different approaches. The first is what is known as port 25 blocking: the ISP blocks outbound connections from customer machines to TCP port 25 on any host other than its own mail server, so every message leaving the network has to pass through a relay the ISP controls and can rate-limit or filter. Since a zombie delivers spam by connecting directly to the recipients' mail servers on port 25, this cuts off the simplest delivery path, while legitimate clients that submit mail to another provider over the authenticated submission port (587) are unaffected. While this seems easy enough, it is important to remember that this is nothing more than a band-aid approach. Spammers have since found ways to bypass this filter. Enter the second solution. In a recent SANS survey, 21% of those polled blame Internet problems (such as malware, spyware, and spam) on individual users. Since the education campaign hasn't shown much success, the Anti-Spam Technical Alliance has recommended to ISPs that they suspend email service for users whose computers have been turned into zombies.
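As an added illustration (not from the original article, and not any ISP's actual implementation), the following Python sketch models both approaches together: an egress rule that lets subscriber hosts reach port 25 only on the ISP's own relay, and a counter over the blocked attempts that flags hosts behaving like spam zombies as candidates for service suspension. The subscriber range, relay address, threshold and flow records are all constructed assumptions for the example.

```python
"""Port 25 egress policy plus zombie flagging over constructed flow records.

Added example; the network, relay and threshold values are assumptions.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Hypothetical ISP addressing (assumptions for this example).
CUSTOMER_NET = ip_network("10.20.0.0/16")   # subscriber address pool
ISP_RELAY = ip_address("10.20.0.25")        # the ISP's outbound mail relay
SMTP_PORT = 25
ZOMBIE_THRESHOLD = 50                       # blocked direct-SMTP attempts per host


@dataclass
class Flow:
    src: str
    dst: str
    dport: int


def parse_flows(text):
    """Parse 'src dst dport' records, one per line; '#' lines are comments."""
    flows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport = line.split()
        flows.append(Flow(src, dst, int(dport)))
    return flows


def egress_allowed(flow):
    """Port 25 blocking: a subscriber host may reach port 25 only on the
    ISP relay. Other ports (including 587 submission) are untouched, and
    traffic from non-subscriber addresses is outside the policy."""
    if ip_address(flow.src) not in CUSTOMER_NET:
        return True
    if flow.dport != SMTP_PORT:
        return True
    return ip_address(flow.dst) == ISP_RELAY


def apply_policy(flows):
    """Return a Counter of blocked direct port-25 attempts per source host."""
    blocked = Counter()
    for f in flows:
        if not egress_allowed(f):
            blocked[f.src] += 1
    return blocked


def flag_zombies(blocked, threshold=ZOMBIE_THRESHOLD):
    """Hosts whose blocked attempts reach the threshold are suspension
    candidates; a handful of attempts is more likely a misconfigured client."""
    return sorted(src for src, n in blocked.items() if n >= threshold)


# Constructed sample flow records (not real traffic).
_normal = [
    "10.20.1.2 10.20.0.25 25",        # legitimate: customer -> ISP relay
    "10.20.1.2 203.0.113.9 587",      # legitimate: authenticated submission
    "10.20.1.2 203.0.113.9 443",      # unrelated web traffic
    "10.20.1.2 198.51.100.7 25",      # misconfigured client: 3 direct attempts
    "10.20.1.2 198.51.100.8 25",
    "10.20.1.2 198.51.100.9 25",
    "203.0.113.50 198.51.100.7 25",   # not a subscriber address; policy does not apply
]
# A zombie on 10.20.5.7 spraying mail directly at 60 different mail servers.
_zombie = [f"10.20.5.7 192.0.2.{i} 25" for i in range(1, 61)]
SAMPLE_FLOWS = "\n".join(_normal + _zombie)


def analyze(text):
    blocked = apply_policy(parse_flows(text))
    return blocked, flag_zombies(blocked)


if __name__ == "__main__":
    blocked, zombies = analyze(SAMPLE_FLOWS)
    for src, n in blocked.most_common():
        print(f"{src}: {n} direct port-25 connections blocked")
    print("suspension candidates:", zombies)
```

The design choice worth noting is that the block and the suspension decision come from the same data: the egress rule stops the spam from leaving, and the count of blocked attempts is exactly the evidence an ISP would need before cutting off a customer, which keeps a user with three stray connections from a misconfigured mail client off the suspension list.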
The flip side to this is lost revenue from angry customers whose service has been halted, and an increase in expenditures due to a flood of customer service calls. However, when an estimated 90% of all spam is originating from zombies, until the end user understands the real problem that malware poses to the Internet as a whole, it may be the only viable solution.