Information Security News mailing list archives

Largest ISPs Attack 'Zombies'


From: InfoSec News <isn () c4i org>
Date: Wed, 23 Jun 2004 06:00:55 -0500 (CDT)

http://www.washingtonpost.com/wp-dyn/articles/A61759-2004Jun22.html

By Jonathan Krim
Washington Post Staff Writer
June 23, 2004

The country's largest e-mail account providers called yesterday for a
worldwide industry assault on "zombies," personal computers that have
been unwittingly commandeered by spammers and used to send out
unwanted e-mail and malicious programs.

The Anti-Spam Technical Alliance, which includes America Online Inc.,
Yahoo Inc., Microsoft Corp. and EarthLink Inc., urged all Internet
providers to police their networks more aggressively and cut off
machines suspected of being launching pads for spam.

By some estimates, hundreds of thousands of computers around the world
have been infected with software that lets them be used without their
owners' knowledge. Such machines now account for as much as 40 percent
of all spam.

Large Internet providers typically monitor traffic on their networks
and pinpoint machines that are sending out inordinate amounts of
e-mail. When such machines are found, some Internet providers block
their Internet access until their owners come forward, at which point
they are given help to remove the software code used by the spammers
before being reconnected.

The zombie problem, said representatives of the group, is going
largely unchecked because other Internet providers are not taking such
action.

"We're throwing the gauntlet down," said Ken Hickman, senior mail
director at Yahoo. "We're saying, 'Hey, secure your networks.' "

The proposal suggests that Internet providers that are quarantining
zombies might reject all mail from networks that are not doing so.

"If the ISP does not reasonably control abusive traffic, it is at risk
of being blocked by other ISPs," said the group's report.

"These machines are a security risk," added Brian Sullivan, senior
technical director of mail operations at AOL.

Mike Jackman, executive director of the California ISP Association,
responded that smaller Internet providers generally do watch their
networks closely and act when they see zombies.

"They are doing it because it's in their interest to do it," Jackman
said. Spammers "are eating up bandwidth."

Jeffrey Sullivan, director of Verizon Communications Inc.'s Internet
operations, said his company will not cut off a machine's Internet
access until it has contacted the account owner. He said Verizon
participated in the group's deliberations but is not a member.

The group, which also includes Comcast Corp. and British Telecom, said
the industry should standardize several other practices, including
making sure that spammers cannot automatically register for e-mail
accounts without verifying their identities.

In addition, the group said, ISPs should not have servers -- computers
that process mail -- that allow third parties to relay e-mail through
them without being verified as legitimate account holders.

But the group was not yet ready with unified standards for verifying
the identity of e-mail senders, which is one of the industry's biggest
initiatives.

The four largest ISPs have been testing systems for authenticating
senders to make it more difficult for spammers to disguise their
identities and locations.

The companies are working with Internet organizations that help
develop technical specifications, and the process is likely to take
until the end of the year.

In the meantime, the group urges ISPs to prevent people from sending
mail until they have been deemed valid account holders. Usually, the
report said, this can be done by requiring user names and passwords to
be provided before users are allowed onto e-mail systems.

Anti-spam groups that have often been critical of ISPs for not being
aggressive enough said the recommendations were hardly surprising.

"It's a codification of existing best practices rather than anything
that's truly new," said John Mozena, executive director of the
Coalition Against Unsolicited Commercial Email.

He said that while unplugging zombies is important, the system still
depends on voluntary compliance.

Mozena's group and others have sought legislation to allow consumers
to hold network owners accountable for permitting spam.


