|
| Zombie computers are used to send spam and plant
unwanted software. |
Experts at SophosLabsâ„¢, Sophos's global
network of virus, spyware and spam analysis centers, have welcomed
the news that the South Korean authorities have arrested a man
suspected of running a 16,000-strong network of zombie
computers.
According to the state-backed Korea Information Security Agency
(KISA), the man is believed to have sent 18 million spam emails to
133 countries every day from his network (or botnet) of compromised
computers.
Working with the police, KISA identified a man who has been
running the botnet of 16,000 computers for the last six months
using it to send out large amounts of loan-related spam.
Last month, Sophos published a report
placing South Korea as the third biggest relayer of spam,
accounting for almost 10% of all junk mail seen by Sophos's global
network of spam traps.
"Spammers usually don't use their own computers to send out
their unwanted messages - instead they infect and take over
innocent people's vulnerable computers using malware and use them
to churn out the spam," said Graham Cluley, senior
technology consultant for Sophos. "South Korean computers are often
exploited in this way by spammers because of the country's
impressive internet infrastructure, but the messages sent from
those computers can end up in the inboxes of people anywhere in the
world. For the Koreans to catch their first zombie master is great
news for everybody who uses the internet."
Zombie computers - are your PCs under someone else's
control?
Zombie computers can be used by criminal hackers to launch
distributed denial-of-service attacks, spread spam messages or to
steal confidential information.
As spammers become more aggressive, collaborating with virus
writers to create armies of zombie computers, legitimate
organizations with hijacked computers are being identified as a
source of spam. This not only harms the organization's reputation,
but can also cause the company's email to be blocked by others.
Sophos ZombieAlertâ„¢
advises service subscribers when any computer on their network is
found to have sent spam to Sophos's extensive global network of
spam traps, and provides rapid notification to customers if their
Internet Protocol (IP) addresses are listed in public Domain Name
Server Block Lists (DNSBL). This information helps customers
locate, disinfect, and protect these systems from future
attacks.
Sophos continues to recommend that computer users ensure their
anti-virus software is up-to-date, and that companies protect
themselves with a consolidated solution
which can defend them from the threats of viruses, spyware and
spam.
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.