Page last updated on: 2007-08-19
New (2007-01-22) - Microsoft organizes a meeting with security experts worldwide to combat botnets. Not exactly an agile reaction to a huge problem!
New (2005-05-25) - (Finally!) The FTC announces new initiative to Educate ISPs! Looks like I wasn't too far off the mark with this web page in early 2005! CipherTrust announces a ZombieMeter tool.
If your Internet connection is coming from an ISP that provides broadband (ADSL, cable-modem) connections, then there's a good chance that your ISP is complicit in the spam problem. This is because your own ISP may be hosting PCs (like yours and mine) that are infected with viruses that allow a spammer to use those PCs to send spam (among other things). Such groups of infected PCs are often referred to as zombie armies.
Zombies? That sounds like fantasy! You've probably heard of the Sobig worm (or virus, trojan, bot, etc.), or other virulent strains of viruses that can make their way onto a PC near you. Zombies usually start out as a seemingly harmless, albeit annoying virus on your PC.
Much of today's spam (as high as 80% by some estimates) is sent through zombie armies.
An ISP has the authority and the power to enforce security on its own network, to hunt down the zombies and block them from sending spam. But many ISPs today are frankly lazy in this regard and don't accept this responsibility. Many put the blame entirely on the end user, who isn't running a firewall or anti-virus, or on the software manufacturers who don't design secure software in the first place. Although these points are important, they do not remove the responsibility from the ISP.
There are far too many machines connected to the Internet that have been (or soon will be) turned into spam zombies. ISPs need to be educated to use the tools freely available on the Internet to hunt down the zombies and stop them.
Chances are, your ISP already knows about its problems with zombie PCs on its own network. However, they can be slow to react for various reasons -- it costs money to hire and train staff to patrol the network; they have to properly explain to an infected (ignorant) user what a zombie is and how to clean it from the PC; and they have to provide information on how to prevent it in the future. Many broadband ISPs are more concerned about how to implement IP telephony (to make more money) than they are about fighting zombies. Zombie hunting is not a revenue source for them.
If your ISP is a zombie haven, you can contact your ISP and let them know you are aware of the problems, and that they are embarrassingly bad! Thanks to information readily available on the Internet, you can even tell them which machines are likely zombies!
What is senderbase.org? According to their web site:
SenderBase is the world’s leading email traffic monitoring network, designed to help email administrators research senders, identify legitimate sources of email and stop threats such as spam and viruses.
Many ISPs already use senderbase.org. Unfortunately, too many probably are not.
Here's how you can find out if your ISP has zombie problems (you are really doing the ISP's job for them, but this is how you educate):
The folks at NJABL.org (and many other real-time blacklists for open proxies and relays), as well as senderbase.org, have done a huge service to the Internet community by providing this information. As a paying customer of your ISP, you can hopefully get them to use it! You shouldn't have to educate them, but they shouldn't take you for a fool either.
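The screenshots that walked through the lookup are not preserved on this page. As an added example (not from the page or from NJABL.org), this is how the DNS-based real-time blacklists mentioned above are queried, so an administrator can check whether an address on their own network is listed; the zone name `dnsbl.example` is a placeholder and must be replaced with a live list's zone.

```python
import ipaddress
import socket

# Placeholder zone (assumption): substitute the zone of a live DNSBL.
# NJABL.org, named on this page, is no longer in service.
DNSBL_ZONE = "dnsbl.example"


def dnsbl_query_name(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Build the lookup name used by DNS-based blacklists (RFC 5782):
    the IPv4 octets in reverse order, appended to the list's zone.
    192.0.2.10 on zone dnsbl.example becomes 10.2.0.192.dnsbl.example."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on a bad address
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def interpret_response(answer):
    """A listed address gets an A record inside 127.0.0.0/8 (the last octet
    is a list-specific reason code); NXDOMAIN (None here) means not listed.
    Any other answer usually means the zone has lapsed and is now a
    wildcard domain, so the result must not be trusted."""
    if answer is None:
        return "not listed"
    a = ipaddress.IPv4Address(answer)
    if a in ipaddress.IPv4Network("127.0.0.0/8"):
        return f"listed (return code {a})"
    return f"unexpected answer {a}: zone may be dead, do not rely on it"


def check(ip: str, zone: str = DNSBL_ZONE) -> str:
    """Perform the live query; a missing name is reported as not listed."""
    name = dnsbl_query_name(ip, zone)
    try:
        answer = socket.gethostbyname(name)
    except socket.gaierror:
        answer = None
    return interpret_response(answer)


if __name__ == "__main__":
    # RFC 5782 reserves 127.0.0.2 as an address every conforming list marks
    # as listed, so querying it verifies that the zone itself is working.
    print("sanity:", check("127.0.0.2"))
    print("own address:", check("192.0.2.10"))  # constructed sample address
```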
Yes, no, and yes (for a different reason).
Yes - by installing a firewall and anti-virus software, and by keeping the operating system updated with security patches, end-users will help prevent their machines from becoming zombies. That's easy to see once you've made the step.
No - my Aunt Martha or Uncle John who are using their PCs to surf the Internet or send photos to each other through email, have no idea about firewalls, etc. I would argue that the "average" end users see their Internet connection as a general home utility, like cable, phone, electricity, gas, etc. This is rightly so -- much of the Internet's success is due to this simplicity of access. Furthermore, the ISPs market their products that way in their advertisements.
We all have to do our part in the fight against spam. The reality is that the technology and the spammers/crackers evolve much faster than the lawmakers or the policy makers. The purpose of this web page is to point out that many ISPs are not doing their part and to inform some end-users to put the pressure on them and hold them accountable.
It's much like automobiles and highways. Many localities won't allow automobiles that are unfit for the environment to drive on roads. If a police officer, patrolling the highway, spots a vehicle that is unfit, he cites the owner (usually a warning the first time, since the user may be ignorant of the problem).
I believe it's reasonable that ISPs do the same with their clients' computers connected to their networks. Until somebody with authority enforces some order regarding general network security, we cannot realistically expect all end-users to be good citizens and make sure their PCs are up to security standards.
Yes - because end-users are "ignorant" about the complicity of their lax ISPs with respect to security, the ISPs are getting away with being lax! Again, this is the problem I'm attempting to fix with this web page.
If your ISP has lots of zombie PCs and isn't doing enough to eliminate them, perhaps the loudest, free-market message to send them would be to take your business to another ISP, letting them know clearly why you've left.
In my city, however, there is only one ISP that provides cable-modem access. The competition's price/bandwidth is not attractive, so I'd be paying more for less bandwidth with DSL. I argue that is a big part of the problem.
In such a case, it's a personal choice to "educate" your ISP by asking them informed questions. I believe that it can make a difference.
Think about it. If one residential user's PC is sending 100,000 spams/day, and we assume a typical spam message is 4 KB, that's a transmission of more than 11 GB/month! Most ISPs are going to charge an extra fee to a residential, broadband user for using so much bandwidth.
What's worse is that ignorant users may not realize why their bandwidth usage is so high (when they see the surcharges on their bill). When they phone customer support about their bill, the ISP may encourage them to upgrade to a larger flat-rate bandwidth package. Zombies are not the only reason why bandwidth usage could be high. Peer-to-peer applications (BitTorrent, eMule, etc.) are very popular. A user running one of these applications and also infected with a zombie would have to be fairly sophisticated to know what percentage of bandwidth was due to zombie spam originating from his PC.
I'm not saying that ISPs have a formal policy to not shut down zombies because they generate traffic. But it's clear that if we allow them to keep their zombies, they are profiting from it!
Read the following articles:
"The solution is getting messaging providers to take responsibility for their lame email systems that they set up without much thought and continue to not care much about when they become overrun by spammers."
"Some individual appears to have hijacked more than 1,000 home computers starting in late June or early July and has been installing a new Trojan Horse program on them."
"Despite the decline, Comcast continues to rank highest on SenderBase's e-mail volume rankings." [blocking port 25 is not the same thing as hunting down zombies]
- everything you didn't want to have to know about spam.
Feedback? Questions? Found a technical error? Please contact the author of this page by email: