Sophos ZombieAlert Identifies Spammer-Controlled Computers On Business Networks
- 14 July, 2005 09:28
New automated service notifies organisations about their exploited and hijacked computers
Sophos, a global leader in computer security, has announced the launch of Sophos ZombieAlert, a new alert service that identifies 'zombie' computers attached to organisational and ISP networks. Zombie computers are infected machines that give control to unauthorised and remote hackers, allowing them to send spam from the computer or to launch email-based Denial-of-Service (DoS) attacks.
SophosLabs, Sophos's global network of virus and spam analysis centres, estimates that more than 50 percent of all spam today originates from zombie computers. In May, the Sober-Q Trojan horse and Sober-N worm worked in tandem to infect and hijack computers around the world, programming them to spew out German nationalistic spam during an election.
As spammers become more aggressive – collaborating with virus writers to create armies of zombie computers – legitimate organisations with hijacked computers are being identified as a source of spam. If wrongly identified as a spammer, an organisation risks long-term damage to its reputation and could have its legitimate email blocked by others.
For Internet Service Providers (ISPs), the problem is equally critical, since consumers are also prominent targets. This service enables ISPs to identify and alert consumers to the threat while providing the opportunity to recommend that end-users adopt safe computing habits.
ZombieAlert advises service subscribers when any computer on their network is found to have sent spam to Sophos's extensive global network of spam traps, and provides rapid notification to customers if their Internet Protocol (IP) addresses are listed in public Domain Name Server Blackhole Lists (DNSBL). This information helps customers locate, disinfect, and protect these systems from future attacks.
"The new Sophos ZombieAlert Service is ideal where remote and home users can represent significant security challenges for larger enterprises, organisations in the education and government sectors as well as ISPs," said Rob Forsyth, managing director for Sophos Australia and New Zealand.
"The global reach of SophosLabs allows us to look back from the internet and spot zombie computers attached to these networks. Once the service has identified them, we can then help our customers to remedy the situation, clean up compromised systems and protect them against future attack," Forsyth said.
Alan Ariti, Operations Manager, Westnet, Perth, WA said, that "Westnet has a growing concern with poorly protected computers potentially being compromised and recruited into the zombie networks. We look forward to trialling the Sophos ZombieAlert Service as a tool in further protecting our customer base."
Commenting on the announcement, David Ferris of Ferris Research, said, “Sophos is the first vendor we know of to offer an on-the-fly alert service that advises organizations that they are being used to host zombies. This service is unique and very timely. I would anticipate that competitors would soon follow suit."
“Our IT support staff spends a lot of effort and has good success protecting desktop systems and servers,” said Alan Pfeiffer-Traum, enterprise system administrator and electronic mail postmaster at the University of Houston. “It's a real challenge to extend that protection to computers that faculty and students bring with them to campus every day, not to mention those that access the campus VPN. Despite of our efforts, zombies happen. ZombieAlert is a very effective tool to catch those hijacked computers in the act. I especially appreciate that I don't have to depend on received complaints to be alerted - I can say we detected the abuse through our own monitoring.”
More information on this service can be found at www.sophos.com.au/zombiealert.html.
About Sophos. Sophos is a world leading computer security specialist, protecting customers against viruses, spyware, spam and email policy abuse. Headquartered in the UK, the company produces solutions tailored for organisations of all sizes – from small businesses to global corporations. Sophos is acclaimed for delivering the highest level of customer satisfaction and protection in the industry. The company's products are sold and supported in more than 150 countries and protect more than 35 million users.
Sophos’s regional head office for Australia and New Zealand is in Sydney, with branch offices in Melbourne and Auckland. The company has established an extensive partner network across the region. Sophos has also located one of its four, global, SophosLabs Research, Development and Analysis Laboratories and its Asia Pacific Technical Centre of Excellence, in Sydney, to provide global support and engineering services.
FOR FURTHER INFORMATION: Sophos's press contact at Gotley Nix Evans is: Michael Henderson (firstname.lastname@example.org) +61 2 9957 5555 (tel) +61 413 054 738 (mob) +61 2 9957 5575 (fax)