New Tool Shows Countries Where Zombie PCs Are

Provides insight into the countries with the greatest number of computers pressed into service for illegal activity

May 26, 2005
Earlier this week, the Federal Trade Commission launched Operation Spam Zombie, a campaign to educate Internet Service Providers about measures they can take to identify zombie computers on their networks, notify customers that their computers are sending spam, and identify the sources of so-called botnets, or computers that have been hijacked for such activities as launching distributed denial of service (DDoS) attacks, sending spam, making phishing attempts and distributing viruses.

E-mail security vendor MX Logix estimates that 44 percent of spam comes from such zombie computers connected to the Internet via "always-on" broadband. Another e-mail security vendor, CipherTrust, reported that 172,000 new zombies came online daily in May, for a total of over 5.3 million zombies for the month, up from 4.9 million in April. Twenty percent of zombies were found in the United States, 15 percent in China and 26 percent in the European Union. This information was compiled from data gathered from sensors installed in over 1,500 CipherTrust IronMail e-mail security appliances deployed worldwide. May 2005 is the first month for which such information is available.

Today, CipherTrust announced a new tool on their Web site that tracks the location of zombie computers by country. The ZombieMeter map, as the application is called, provides a day-to-day bar graph of new zombies coming online by country.

The graph provides some insight into the incidence of new zombies and, with the inclusion of more data such as precise dates, could give law enforcement and security professionals information on patterns of new zombies coming online. For example, according to a graph included in CipherTrust's ZombieMeter, in May the United States saw a high number of zombie computers at the beginning and end of the month, with a moderate decrease in the middle of the month. The European Union, which accounted for 26 percent of new zombies in May, saw consistently high levels of new zombies come online at the beginning and end of the month, with a sharp decrease in the middle of the month. China, by contrast, saw very few zombies come online at the beginning of the month but a sharp increase in the middle of May.

In an interview, a CipherTrust spokesman said the company looks forward to understanding Operation Spam Zombie and working with the FCC to carry it out.

Two measures organizations can use to keep computers on their networks from becoming zombies used for illegal activity are keeping virus definitions and firewalls up to date and exercising caution in opening programs from the Internet and e-mail attachments.