Thought for the day: How to beat the sinister side of spamming

Failure to tackle zombies can lead to company blacklisting, says Pete Simpson

If your PCs are hijacked and turned into zombies for spammers, your company could find itself blacklisted and your communications blocked, says Pete Simpson.
Spam is driving IT departments crazy. Unsolicited e-mail wastes network and storage resources, steals staff time and diverts IT resources to managing defences and poring over quarantine lists.

Spam zombies are PCs and servers that have been hijacked to send out spam. Lots of spam. Much of the early press on this new threat has focused on the home PC user, the so-called "soft underbelly" of the internet. But if home PCs account for two-thirds of spam, the remaining third must come from PCs that live in businesses or government offices - the zombie in pin-stripes.

Thousands of businesses are acting as free distribution centres for spammers and helping to cover their tracks. It is a bitter irony. As businesses spend thousands of pounds trying to kill spam, many are blindly sending it out by the million.

It happens all too easily. A business user receives an innocent looking e-mail and opens the attachment. A Trojan horse invisibly installs itself on the user's PC and sends a message to a remote master, announcing a new, wide open "back door" and seeking further instructions.

These instructions can include a virus or a keystroke logger that steals sensitive information. Alternatively, they might simply turn the host PC into a spam server, further spreading spam, viruses and malicious code.

Corporate resources are probably the most prized by spammers because zombies on a corporate high-speed connection are particularly dangerous.

Analyst firm IDC estimated that 56% of Europe's PCs are in businesses rather than homes. Although these tend to be better defended than the typical home PC with its "always on" broadband connection, they are still far from immune to the zombie threat.

As spam zombies work invisibly, some companies might be tempted to look the other way. But most companies see spam as a serious enemy and are loath to play a part in distributing it.

Not only do zombies take up bandwidth, they can also cause the company to be blacklisted by spam-watching organisations.

Being blacklisted means the company will not be able to send out any e-mail at all - a crippling blow to most businesses. Getting removed from the blacklists can take hours or even days.

There is a lot a business can do to protect itself against zombie attacks and to identify and remove the zombies already inside.

The basic firewall and intrusion detection defences are clearly not enough - e-mail passes through firewalls. Web ports on firewalls are handy conduits for code that turns PCs into zombies.

Anti-virus and anti-spam packages will catch threats if they are updated religiously, but even these leave holes wide open for the new generation of malware.

The key to prevention is a multi-layered defence that blends anti-spam and anti-virus with, crucially, security that can stop malicious code even before the filters have been updated.

It is also important for IT to monitor e-mail and web traffic to look for telltale signs of active zombies, such as dramatically increased traffic from a single PC and outgoing e-mails that do not come from known mail servers.
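As an added illustration of that monitoring step (example code, not from the article or from Clearswift), the script below scans a constructed set of outbound connection records and flags both telltale signs: hosts speaking SMTP that are not on the list of known mail servers, and hosts whose connection count is far above their usual baseline. The log format, the known-server list and the baseline counts are all assumptions.

```python
import re
from collections import Counter

# Constructed outbound connection records (not from the article). Assumed
# format: one connection per line with src=, dst= and dport= fields.
SAMPLE_LOG = """\
2005-03-01T09:14:02 src=10.1.0.5 dst=203.0.113.10 dport=25
2005-03-01T09:14:03 src=10.1.4.40 dst=203.0.113.50 dport=80
2005-03-01T09:14:05 src=10.1.4.23 dst=198.51.100.7 dport=25
2005-03-01T09:14:05 src=10.1.4.23 dst=198.51.100.8 dport=25
2005-03-01T09:14:06 src=10.1.4.23 dst=198.51.100.9 dport=25
2005-03-01T09:14:06 src=10.1.4.23 dst=198.51.100.10 dport=25
2005-03-01T09:14:07 src=10.1.4.23 dst=198.51.100.11 dport=25
2005-03-01T09:14:09 src=10.1.0.5 dst=203.0.113.11 dport=25
"""

# Hosts allowed to send SMTP to the outside world (assumed list).
KNOWN_MAIL_SERVERS = {"10.1.0.5"}
# Usual outbound connections per host in a window of this size (assumed baseline).
BASELINE = {"10.1.0.5": 10, "10.1.4.23": 1, "10.1.4.40": 3}

LINE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)")

def parse_connections(log):
    """Yield (src, dst, dport) tuples; lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group(1), m.group(2), int(m.group(3))

def rogue_smtp_senders(log, known=KNOWN_MAIL_SERVERS):
    """Hosts sending outbound SMTP (port 25) that are not known mail servers."""
    return sorted({src for src, _, dport in parse_connections(log)
                   if dport == 25 and src not in known})

def traffic_spikes(log, baseline=BASELINE, factor=5):
    """Hosts whose connection count is at least `factor` times their baseline."""
    counts = Counter(src for src, _, _ in parse_connections(log))
    return {src: n for src, n in counts.items()
            if n >= factor * baseline.get(src, 1)}

def zombie_candidates(log):
    """Union of both telltale signs, as a sorted list of source addresses."""
    return sorted(set(rogue_smtp_senders(log)) | set(traffic_spikes(log)))

if __name__ == "__main__":
    for host in zombie_candidates(SAMPLE_LOG):
        print("investigate", host)
```

A host that trips either check is a candidate for inspection, not proof of infection; the known-server list and baseline need to reflect the real network before the output means anything.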

We can all do our part to defend against them and to root them out. If your company is not part of the solution, it is part of the problem.

Pete Simpson is Threatlab manager at Clearswift
