rediff.com
News APP

NewsApp (Free)

Read news as it happens
Download NewsApp

Available on  gplay

Rediff.com  » Getahead » What on earth are Spam Zombies!
This article was first published 11 years ago

What on earth are Spam Zombies!

August 12, 2013 14:21 IST


Govind Rammurthy

In computer analogy a ‘Spam Zombie’ can be better explained as a computer which is connected to the internet that has been taken over by a hacker and is utilised to achieve malicious activities through remote direction.

IT administrators have to cope with the increasing pressure of various virus threats which increase downtime and affects business productivity. While dealing with the threats, keeping the business communication afloat and running is of utmost importance which includes exchange of information via e-mail. In course of time, new methods of e-mail spamming have spurted out leading to advanced forms of spams which now has a new mutant face added to the list labelled -- Spam Zombie. 

To introduce the term, we can elaborate on the term Spam Zombie as two distinct and separate entities for better clarity purpose -- ‘Spam’ and ‘Zombie’.

E-mail spam is nothing but unsolicited bulk or junk e-mail, a part of electronic spam where especially similar messages are sent to numerous recipients indiscriminately. For cyber criminals, sending spam e-mails is economically feasible since they only have to manage their mailing lists and there is no operating cost beyond management of this list. It is arduous to hold senders accountable for mass mailings as the restrictions to send spam is very negligible. As per the current situation of cyber security landscape, spammers are on the rise and the sheer volume of junk mail has reached to dizzying heights, virtually clogging e-mail traffic.

In computer analogy a ‘Zombie’ can be better explained as a computer which is connected to the internet that has been taken over by a hacker and is utilised to achieve malicious activities through remote direction.

A group of zombie computers known as Botnet is often widely used to propagate Denial-of-Service (DoS) attacks and spread e-mail spams. The computers that form a Botnet can be programmed to redirect transmissions to a specific computer. This process occurs without the knowledge of the owners of the Zombie computers who are unaware that their systems have been compromised and are utilised in such a manner.

Since the inclination of being unaware, these systems are hypothetically compared to Zombies that spread spam across the network under the remote control of a hacker.

A Spam Zombie takes form when a computer is compromised by a certain type of a virus called a Trojan, which deploys an SMTP (Simple Mail Transfer Protocol) client application that initiates the sending of e-mails directly from the compromised computer to tens of thousands of victims.

This process runs in the background and can be difficult to spot even by an experienced computer user. Spam Zombies are notoriously known to be the craftiest method of spamming developed so far. Since the broadband network today are particularly vulnerable to zombie attacks as many users continuously remain connected to the network, spammers have tremendous opportunities to launch attacks on insecure computers.

Money is the sole agenda and motive as with most of the cybercrimes today, which involves the use of Zombie computers to using deceptive scams from committing click advertising fraud, to lending the network to cyber criminals who use it for massive spamming and phishing purposes. In order to take spam zombies head-on, there are ways in which one can work and remain concern-free.

Primarily, one way is to have an effective anti-virus and firewall software up-to-date with the latest signatures and patches in order to stay away from becoming a Spam Zombie.

Also, Internet Service Providers (ISPs) can mitigate the issue of blocking Spam Zombies at the source by quarantining the IP address of the Spam Zombie computer. ISPs often are pressured to quarantine the IP address of a computer which has been detected as a Spam Zombie since they are at a risk of their entire IP range being banned by organisations employing spam filtering services.

The best viable option is to run a full virus scan within the network in order to determine if the system has been infected with the possibility of a Spam Zombie. However, organisations can begin with identifying their SMTP servers and only allow these servers to communicate with the outside world, rest all the user computers are to be refrained from sending SMTP traffic to outside servers other than their own.

The battle is half-way won when you strike Spam Zombies with updated security application and utilising a pre-dominant software firewall to monitor and safeguard your activities online thus reducing the risk of getting infected.

The author is MD & CEO, eScan