The US Federal Trade Commission (FTC) in conjunction with regulatory bodies in about 30 countries, is about to launch a new education campaign directed at Internet service providers (ISPs). Its message? The zombies are out of control.
These zombie networks account for a large percentage of unsolicited email being sent on the Internet, said Don Blumenthal, Internet lab coordinator at the FTC, Don Blumenthal, said.
"I've seen estimates that anywhere from 80 to 90 per cent of the spam out there is processed through [zombie networks]," he said. "It is certainly a critical problem."
Attackers use malicious software distributed over the Internet to gain control over unsecured PCs and servers. They then use these zombie systems to do things such as launch denial of service (DoS) attacks, or send unsolicited email, generally without the knowledge of the system's owner. An average of 157,000 new zombies are identified each day, and much of the unwanted zombie activity is now coming from outside of the US, according to security company, CipherTrust.
The FTC launched the campaign in conjunction with many of the same agencies that participated in its secure your server antispam campaign last year, including agencies from Europe, Asia, and Latin America, Blumenthal said.
As part of the campaign, the FTC will send out letters to about 3000 ISPs asking them to examine the flow of their network traffic in order to identify potential spammers and to prevent some users from setting up servers that use the Internet standard port 25 number to identify themselves as email servers.
The FTC had also entered into a six-month contract with ICG to help notify ISPs of potential spam problems on their networks, Blumenthal said. Starting in about a month, the cyber-investigation company would begin searching for the sources of unsolicited email and notifying ISPs around the world of any problems that can be traced to their networks.
Many of the FTC's recommendations are already being implemented by ISPs, but the agencies involved would like to see them more widely adopted. Corporate email administrators would benefit from adopting the techniques as well, Blumenthal said.
Blumenthal would not comment on what, if any, regulatory measures the FTC was considering to address the zombie problem.
"This is an educational campaign, and that's really all it is," he said.