Spam Zombies Jump

CipherTrust spotted the increase in zombies by deploying a honeypot network that, although susceptible to exploit, could not be forced to actually send spam.

June 8, 2006


The volume of spam surged in May by 20 percent, a security company said Thursday, as the number of new zombies -- compromised computers spewing junk mail without their users' knowledge -- increased by about the same amount.

According to message security vendor CipherTrust Inc., the bump-up in spam is the first since November 2005. "It may be a cyclical thing, or it could just be a coincidence" that these jumps happen about every six months, said Dmitri Alperovitch, CipherTrust's chief research scientist.

"We've seen a huge increase in 'image' spam, and that seems correlated to the increase in spam overall," he added. Image-based spam messages eschew text and instead use graphics to make their spiel, hoping that the tactic slips the message through anti-spam filters.

CipherTrust spotted the increase in zombies by deploying a honeypot network that, although susceptible to exploit, could not be forced to actually send spam.

The Atlanta-based company also traced the spam traffic from the zombies, which sent the mail, back to the spam servers, the systems controlling the zombies. "Taiwan is the new best location for spam servers," said Alperovitch. Nearly two-thirds of the world's spam servers are physically located on the small island off the coast of the People's Republic of China. "Bandwidth is cheap there, and it's easy to get 'bullet-proof' servers, ones hosted by ISPs which are resistant to take-down attempts by authorities," said Alperovitch. Unlike zombies and servers hosting phishing sites, these controlling servers stay alive for months at a time.

Although spam -- which has shown virtually no growth since November -- increased last month, Alperovitch was encouraged by the drop in the zombie count in the U.S.

"The U.S. share [of zombies] is falling, and is now down near Germany's. I think it's because of the better enforcement by ISPs here. They're more likely to shut down zombies on their networks now."
