Sophos, a world leader in protecting businesses against spam and
viruses, has announced the launch of Sophos ZombieAlert™,
a new alert service that identifies 'zombie' computers on an
organisation's network. Zombie computers are infected machines that
give control to unauthorised and remote users, allowing them to
send spam from the computer or to launch email-based
Denial-of-Service (DoS) attacks.
SophosLabs, Sophos's global network of virus and spam analysis
centres, estimates that more than 50 percent of all spam today
originates from zombie computers. In May, the Sober-Q Trojan horse
and Sober-N worm worked in tandem to infect and hijack computers
around the world, programming them to spew out German nationalistic
spam during an election. As spammers become more aggressive -
collaborating with virus writers to create armies of zombie
computers - legitimate organisations with hijacked computers are
being identified as a source of spam. This not only harms the
organisation's reputation, but can also cause the company's email
to be blocked by others.
ZombieAlert advises service subscribers when any computer on
their network is found to have sent spam to Sophos's extensive
global network of spam traps, and provides rapid notification to
customers if their Internet Protocol (IP) addresses are listedin
public Domain Name Server Blackhole Lists (DNSBL). This information
helps customers locate, disinfect, and protect these systems from
"Aside from consumers, organisations such as educational
institutions and governments probably face the greatest risk of
becoming part of a zombie computer network because they have both
remote and home users," said Carole Theriault, security
consultant at Sophos. "ZombieAlert never sleeps, providing
round-the-clock surveillance of spam seen spreading across the
internet, and determining its origin."
For Internet Service Providers (ISPs), the problem is equally as
critical, since consumers are also prominent targets. This service
enables ISPs to identify and alert consumers to the threat while
providing the opportunity to recommend that end-users practice safe
"Sophos's global network of threat analysis centres is ideally
positioned to advise on new and emerging threats, such as
compromised computers spewing spam," continued Theriault. "Once
compromised computers have been identified by the service, we can
help affected users remedy the situation, clean-up their systems
and fortify their defences against future attack."
"Sophos is the first vendor we know of to offer an on-the-fly
alert service that advises organizations that they are being used
to host zombies," said David Ferris of Ferris Research. "This
service is unique and very timely. I would anticipate that
competitors would soon follow suit."
"Our IT support staff spends a lot of effort and has good
success protecting desktop systems and servers," said Alan
Pfeiffer-Traum, enterprise system administrator and electronic mail
postmaster at the University of Houston. "It's a real challenge to
extend that protection to computers that faculty and students bring
with them to campus every day, not to mention those that access the
campus VPN. Despite of our efforts, zombies happen. ZombieAlert is
a very effective tool to catch those hijacked computers in the act.
I especially appreciate that I don't have to depend on received
complaints to be alerted - I can say we detected the abuse through
our own monitoring."