[ISN] Largest ISPs Attack 'Zombies'

From: InfoSec News (isn@private)
Date: Wed Jun 23 2004 - 04:00:55 PDT

  • Next message: William Knowles: "[ISN] PRC surfers hack into DPP Web site"

    http://www.washingtonpost.com/wp-dyn/articles/A61759-2004Jun22.html
    
    By Jonathan Krim
    Washington Post Staff Writer
    June 23, 2004
    
    The country's largest e-mail account providers called yesterday for a
    worldwide industry assault on "zombies," personal computers that have
    been unwittingly commandeered by spammers and used to send out
    unwanted e-mail and malicious programs.
    
    The Anti-Spam Technical Alliance, which includes America Online Inc.,
    Yahoo Inc., Microsoft Corp. and EarthLink Inc., urged all Internet
    providers to police their networks more aggressively and cut off
    machines suspected of being launching pads for spam.
    
    By some estimates, hundreds of thousands of computers around the world
    have been infected with software that lets them be used without their
    owners' knowledge. Such machines now account for as much as 40 percent
    of all spam.
    
    Large Internet providers typically monitor traffic on their networks
    and pinpoint machines that are sending out inordinate amounts of
    e-mail. When such machines are found, some Internet providers block
    their Internet access until their owners come forward, at which point
    they are given help to remove the software code used by the spammers
    before being reconnected.
    
    The zombie problem, said representatives of the group, is going
    largely unchecked because other Internet providers are not taking such
    action.
    
    "We're throwing the gauntlet down," said Ken Hickman, senior mail
    director at Yahoo. "We're saying, 'Hey, secure your networks.' "
    
    The proposal suggests that Internet providers that are quarantining
    zombies might reject all mail from networks that are not doing so.
    
    "If the ISP does not reasonably control abusive traffic, it is at risk
    of being blocked by other ISPs," said the group's report.
    
    "These machines are a security risk," added Brian Sullivan, senior
    technical director of mail operations at AOL.
    
    Mike Jackman, executive director of the California ISP Association,
    responded that smaller Internet providers generally do watch their
    networks closely and act when they see zombies.
    
    "They are doing it because it's in their interest to do it," Jackman
    said. Spammers "are eating up bandwidth."
    
    Jeffrey Sullivan, director of Verizon Communications Inc.'s Internet
    operations, said his company will not cut off a machine's Internet
    access until it has contacted the account owner. He said Verizon
    participated in the group's deliberations but is not a member.
    
    The group, which also includes Comcast Corp. and British Telecom, said
    the industry should standardize several other practices, including
    making sure that spammers cannot automatically register for e-mail
    accounts without verifying their identities.
    
    In addition, the group said, ISPs should not have servers -- computers
    that process mail -- that allow third parties to relay e-mail through
    them without being verified as legitimate account holders.
    
    But the group was not yet ready with unified standards for verifying
    the identity of e-mail senders, which is one of the industry's biggest
    initiatives.
    
    The four largest ISPs have been testing systems for authenticating
    senders to make it more difficult for spammers to disguise their
    identities and locations.
    
    The companies are working with Internet organizations that help
    develop technical specifications, and the process is likely to take
    until the end of the year.
    
    In the meantime, the group urges ISPs to prevent people from sending
    mail until they have been deemed valid account holders. Usually, the
    report said, this can be done by requiring user names and passwords to
    be provided before users are allowed onto e-mail systems.
    
    Anti-spam groups that have often been critical of ISPs for not being
    aggressive enough said the recommendations were hardly surprising.
    
    "It's a codification of existing best practices rather than anything
    that's truly new," said John Mozena, executive director of the
    Coalition Against Unsolicited Commercial Email.
    
    He said that while unplugging zombies is important, the system still
    depends on voluntary compliance.
    
    Mozena's group and others have sought legislation to allow consumers
    to hold network owners accountable for permitting spam.
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
    



    This archive was generated by hypermail 2b30 : Thu Jun 24 2004 - 05:10:36 PDT