FTC Urges ISPs to Crack Down on Spam Zombies

The FTC will join with government agencies from around the world to alert ISPs about the spam zombie problem and encourage them to consider cutting off Internet access for problem machines.

The U.S. Federal Trade Commission plans to issue a statement Tuesday urging ISPs to take a tougher stance on compromised computers known as "spam zombies," which experts believe are responsible for sending out huge volumes of unsolicited e-mail messages. That stance could include cutting off Internet access for the machines.

The FTC will join with government agencies from around the world to alert ISPs about the spam zombie problem. ISPs should consider a number of options to stem the zombie problem, including better user education, anti-virus protection and even denying Internet access for problem machines, according to two FTC officials.

The statement is just the latest foray by the U.S. government's trade and consumer protection agency into the spam problem. The statement on spam zombies is similar in structure and intent to "Operation Secure your Server," a January 2004 initiative by the FTC and agencies in 26 countries, including the Office of Fair Trading in the U.K. and Canada's Competition Bureau, that urged ISPs to crack down on so-called "open relays" that spammers used to forward e-mail, said Don Blumenthal, coordinator of the FTC's Internet lab in Washington.

"It's an international effort, again, to alert ISPs and remind them about the problem of spam zombies," he said.

The FTC will suggest business and network practices ISPs can use to eliminate spam zombies and steps to prevent computers from being turned into zombies in the first place, he said.

The agency will also commission audits of zombie behavior by ICG Inc. of Princeton, N.J., an enterprise threat management company that has expertise researching the source of spam and has worked with ISPs, Blumenthal said.

Those audits will begin in July, he said.

Spam zombies are Internet-connected computers that have been infected with remote control software programs that allow distant attackers to send out spam messages from the machines, often coordinating the actions of hundreds or thousands of individual systems to launch massive spam campaigns.

Zombies are often created by computer viruses or worms. For example, recent versions of the Sober worm created thousands of new spam zombies, or "spambots," on systems they infected, replenishing a pool of zombie systems that had been declining for months, according to Charles McColgan, chief technology officer of Frontbridge Technologies Inc. in Del Rey, Calif., an e-mail security technology company.

Frontbridge saw spam messages from zombie machines decline from 42 million messages a day in February to just 15 million messages a day in April, before Sober boosted zombie output back up to record levels in May, he said.

In some cases, the traffic from zombies to e-mail servers on particular Internet domains was so heavy it created a denial of service on those servers, McColgan said.

The FTC will not stipulate best practices or demand that ISPs cut off zombie machines, though it will suggest that ISPs deny access to spam zombies where appropriate, Blumenthal said.

"We suggest that ISPs look at their Terms of Service agreement to see if a lack of attention to a demonstrated problem would be grounds for termination," he said.

Blumenthal said that the FTC vetted its recommendations with both large and small ISPs, as well as e-mail administrators in enterprises and the anti-spam community.

"These have been widely examined, edited and revisited until we came up with the final language," he said.
