
SANS ISC: Microsoft attacks Zombie Masters. SANS ISC InfoSec Forums

Microsoft attacks Zombie Masters.
If you're an average user, something like 50% of the spam you get comes from an infected home computer that has been turned into a spam zombie. These spam zombies are used by spammers to send spam without revealing their actual network address. The spammers provide the spam content to the zombies, and the zombies send the spam to the victims.
 
From http://spamkings.oreilly.com/archives/2005/10/microsofts_decoy_zombie.html
Microsoft said it has filed "John Doe" lawsuits against the operators of 13 spam organizations that use illegal "zombie" computers to send their spam. The company held a press conference today with officials from the Federal Trade Commission to announce the lawsuits, filed in Washington State's King County court on August 17.
From an interview with Tim Cranton http://spamkings.oreilly.com/cranton.mp3

Microsoft has taken a new approach to security, in particular on the enforcement side. They took a clean computer and infected it with a common piece of malicious code, which turned the computer into a spam zombie. A spam zombie is an infected, Internet-connected computer that checks in with the zombie controllers to let them tell it what to do. Microsoft documented 5 million connections used to send over 18 million spam messages in less than 3 weeks. This was just one computer. There are reported to be thousands of spam zombies out there. Microsoft cordoned its spam zombie off from the net so it could not be used to actually send the spam. Microsoft filed a lawsuit and contacted ISPs to try to discover who is really sending the spam.

The SANS NewsBites newsletter has additional information on this.
http://www.sans.org/newsletters/newsbites/newsbites.php?vol=7&issue=48
 
donald

ISC Handler