Zombies are computers that are infected with malicious code so they can be controlled remotely by other people for illegal purposes. Through technological trickery, criminals can use these unconscious accomplices to send illegal spam, launch phishing campaigns to steal personal information, attack Web sites and computers, or engage in other illegal activity.
Microsoft investigators intentionally created a zombie computer, quarantined it to prevent it from actually sending spam messages, then carefully watched it for 20 days while investigators tracked and traced all Internet communications through the infected computer.
The statistics the investigators compiled were staggering. In less than three weeks, this single zombie received 5 million connection requests from spammers and 18 million spam messages advertising more than 13,000 individual Web sites. Evidence gathered in this exercise contributed to a lawsuit that has now identified 13 different spamming operations.
"The widespread use of zombie computers to commit crimes over the Internet presents a very real danger to law-abiding computer users," said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft. "This is precisely why Microsoft initiated this investigation into zombies and took legal action. As a result, we have identified more than a dozen spamming operations exploiting zombie networks to send millions of illegal spam messages. We will continue our investigations and will maintain a steady, concerted effort to identify and target criminals to help make the Internet safer."
The FTC, a federal consumer-protection agency on the forefront of the fight against cybercrime, has also intensified its efforts against zombies. Its "Operation Spam Zombies" with 35 government partners from more than 20 countries encourages Internet service providers (ISPs) to take zombie-prevention measures. The goal is to identify spam zombies and urge the providers that are hosting them to implement corrective measures. This month the FTC also launched OnGuardOnline.gov, a Web site that provides tips, articles and videos for computer users to help protect themselves and their information from online threats.
"Many computer users do not realize that hackers are using their machines to send bulk e-mails by the millions," said Lydia Parnes, director of the Bureau of Consumer Protection at the FTC. "We are pleased that industry leaders are stepping up their efforts to protect computer users from costly, annoying and intrusive spam zombies."
Other than sometimes creating extremely sluggish Internet connections and dramatically slowing overall computer performance, zombie computers show few recognizable signs of their infection. It has become increasingly important for computer users to protect their systems.
Ken McEldowney, executive director of Consumer Action, said people can take steps to protect themselves, but that raising awareness of the threat of zombies is a first step.
"You can learn how to protect yourself from these insidious threats," McEldowney said. "We always stress safety around Halloween. This October, we want to emphasize online safety, too. There are some simple things people can do to help protect their computers, and we're encouraging people to take those steps."
Internet users should follow these steps to prevent their computers from becoming zombies:
- Use a firewall to help protect their computer from hacking attacks while it is connected to the Internet
- Get computer security updates or use the Automatic Updates feature to help shield their computer from viruses, worms and other threats
- Use up-to-date anti-virus software to help protect themselves from new threats
- Get anti-spyware software, and beware of trickery to get them to download and install unwanted and sometimes destructive software, such as music or file-sharing programs and free games
- Be cautious about opening any attachment or downloading files, and never open attachments from people they do not know
