Europe Home to Majority of Zombies
Posted by samzenpus on Wed Jun 01, 2005 09:56 PM
from the stop-the-spam dept.
Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."
This might give us a hint ... (Score:5, Funny)
Re:Witches... in England! (Score:3, Funny)
This is so obvious. (Score:5, Funny)
Unbelievable (Score:5, Interesting)
Velcome to Shproket (Score:4, Funny)
Solution... (Score:5, Funny)
Ed: Any zombies out there?
Shaun: Don't say that!
Ed: What?
Shaun: The "zed" word. Don't say it!
Ed: Well... are there any?
Shaun: I don't see any. Maybe it's not as bad as all that.
Shaun: Oh, no wait, there they are.
Thank God (Score:5, Informative)
That isn't what the Zombie Meter says... (Score:5, Informative)
Re:That isn't what the Zombie Meter says... (Score:4, Funny)
I fart in your general direction.
The Remedy (Score:3, Funny)
Time for new SMTP error messages (Score:5, Funny)
I'm surprised there isn't an RBL for zombies yet (Score:5, Insightful)
I worked at Netcom when we ended up on the RBL. We did not have strong Spam protection; for example, our credit card verifier did not contact the credit card company before giving someone internet access. Even after being placed on the RBL, management was unwilling to expend the resources needed to stop our Spam problem; they thought the RBL would just go away. Meanwhile, the number of people calling or emailing technical support because they could not send mail doubled (I helped make some graphs showing the increase in emails to tech support to convince management that this was a real problem). It took months for management to wake up, smell the coffee, and make it harder for spammers to get throw-away accounts on Netcom's network.
(For NANOG regulars at the time: It was I who wrote the "Keman-bot")
A similar list needs to be set up; if a given ISP has zombies and does not cut off said zombies from the internet, the ISP needs to be blacklisted RBL style. Maybe then management will do something about the zombie problem--such as cutting off zombie machines from the internet (redirecting all HTTP queries to a "You're a zombie so we cut you off" page, for example).
Re:I'm surprised there isn't an RBL for zombies yet (Score:3, Informative)
- Network usage is the easiest to monitor since it's little more than a script pointing out that a host is attacking other machines over port 445 or connected to port 6667. Just being on IRC or sharing your printer won't set off the scripts since they not only monitor raw traffic but also watch how quickly new connections are being made and
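The rate-based check this comment describes, as an added example that is not part of the original thread: a host is flagged by how many distinct port-445 peers it contacts inside a sliding window, not by merely using port 445 or 6667. The window length, the peer limit, the function names and the flow records are assumptions constructed for illustration.

```python
from collections import defaultdict

SMB_PORT, IRC_PORT = 445, 6667
WINDOW_S = 60     # assumed sliding window, in seconds
MAX_PEERS = 20    # assumed limit on distinct port-445 peers per window

def peak_fanout(events, window_s):
    """Largest number of distinct destinations seen in any window_s span."""
    events = sorted(events)
    peak, start = 0, 0
    for end, (ts, _) in enumerate(events):
        while ts - events[start][0] > window_s:
            start += 1
        peak = max(peak, len({dst for _, dst in events[start:end + 1]}))
    return peak

def suspect_hosts(flows, window_s=WINDOW_S, max_peers=MAX_PEERS):
    """Map src -> evidence for hosts whose port-445 fan-out rate is too high."""
    smb, irc = defaultdict(list), set()
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            smb[src].append((ts, dst))
        elif port == IRC_PORT:
            irc.add(src)
    report = {}
    for src, events in smb.items():
        peak = peak_fanout(events, window_s)
        if peak > max_peers:   # the rate decides, not mere use of the port
            report[src] = {"peak_peers": peak, "irc_seen": src in irc}
    return report

# Constructed flow records: (seconds, src, dst, dst_port), documentation IPs.
SAMPLE_FLOWS = (
    [(t, "192.0.2.10", f"198.51.100.{t + 1}", 445) for t in range(30)]   # fast sweep
    + [(5, "192.0.2.10", "203.0.113.5", 6667)]
    + [(t * 10, "192.0.2.20", "192.0.2.200", 445) for t in range(30)]    # one printer
    + [(3, "192.0.2.20", "203.0.113.5", 6667)]                           # just on IRC
    + [(t * 60, "192.0.2.30", f"198.51.100.{t + 1}", 445) for t in range(25)]  # slow
)

if __name__ == "__main__":
    for host, evidence in suspect_hosts(SAMPLE_FLOWS).items():
        print(host, evidence)
```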
duh (Score:5, Interesting)
I was working on the mail server today, and going through logs tracking a clamav/amavis problem.
I started to notice that...one...after...another...the buggers were connecting. We're not even a very big site (just got a bunch of mailing lists). The DNS names were xxx-yyy-zzz-aaa.(something).(insert European country code).
They outnumbered legitimate connections easily 5:1 or more, and the sessions all consisted of:
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
Every single one would try and send between 3 and 5 messages before finally realizing it wasn't going to work, and disconnecting. It's irritating, because we do actually run a couple of DNS blacklists, but it seems a lot of European systems aren't on them.
When are we going to stop taking the "oh, we'll just filter it" attitude? Feels like all we've accomplished in half a decade is to do spammers' work for them and make users complacent by hiding all this shit from them. It's a classic white elephant problem if I ever saw it...
Re:duh (Score:5, Insightful)
As a safety measure, the IP address has to be reported by X number or percent of the participating Postfix hosts to be considered valid.
Any IP address is added for a short period of time, say 72 hours, so if it's a machine that is hacked and quickly fixed the IP isn't blacklisted forever.
It seems like a distributed, real-time system like this would be effective.
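The quorum-and-expiry scheme proposed in the comment above, as an added example that is not part of the original thread and not an existing Postfix feature. The class name, the quorum of 3 (the comment's "X number"; a percentage would work the same way), the reporter names and the IP address are assumptions; the 72-hour lifetime is the comment's own figure.

```python
import time

class SharedBlocklist:
    """Blocklist fed by reports from participating mail hosts (hypothetical)."""

    def __init__(self, quorum=3, ttl_s=72 * 3600):
        self.quorum = quorum    # distinct reporters needed before an IP is listed
        self.ttl_s = ttl_s      # a report stops counting after 72 hours
        self._reports = {}      # ip -> {reporter: time of its latest report}

    def report(self, reporter, ip, now=None):
        """Record that `reporter` saw abuse from `ip`; repeats only refresh it."""
        now = time.time() if now is None else now
        self._reports.setdefault(ip, {})[reporter] = now

    def is_listed(self, ip, now=None):
        """True while at least `quorum` distinct reporters have live reports."""
        now = time.time() if now is None else now
        live = {r: t for r, t in self._reports.get(ip, {}).items()
                if now - t < self.ttl_s}
        if live:
            self._reports[ip] = live       # drop expired reports
        else:
            self._reports.pop(ip, None)    # forget cleaned-up hosts entirely
        return len(live) >= self.quorum

def demo():
    """Constructed timeline; returns (below quorum, at quorum, after expiry)."""
    hour, ip = 3600, "198.51.100.7"
    bl = SharedBlocklist(quorum=3)
    bl.report("mx-a", ip, now=0)
    bl.report("mx-a", ip, now=60)          # one noisy host still counts once
    bl.report("mx-b", ip, now=1 * hour)
    below = bl.is_listed(ip, now=2 * hour)
    bl.report("mx-c", ip, now=2 * hour)
    at_quorum = bl.is_listed(ip, now=3 * hour)
    expired = bl.is_listed(ip, now=73 * hour)   # only mx-c's report is still live
    return below, at_quorum, expired

if __name__ == "__main__":
    print(demo())
```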
Re:duh (Score:5, Interesting)
Pfft, old news (Score:5, Funny)
Take some responsibility (Score:4, Interesting)
So too, if you own a computer and want to be part of a community of connected computers, not bothering to inform yourself of how to do that does not excuse your responsibility for whatever damage your computer causes.
So what we do to spam zombies is:
a) block them totally and stop them from causing any more damage
b) send them an email telling them how much it cost to clean up their mess (usually around $500), and that we will bill them if they do it again
c) only unblock them when they give us their assurance they understand what the future costs may be and will never allow it to happen again
d) permanently disconnect them and bill them the full amount of sysadmin and helpdesk time and materials if they allow it to happen again.
It's a really tough line, sure, we have lost maybe 3 customers as a result in 18 months (average spend per customer is $34 per month), out of 20,000. But it is far, far cheaper than the cost of just letting it happen unchecked.
Re:Take some responsibility (Score:4, Interesting)
Truth is that most of us trained full-time IT professionals don't completely know how to keep our systems clean, so you can't expect a user to do so.
It's more like a car causing an accident because somebody sabotaged the brakes. Not every driver is supposed to understand how their car works internally, let alone continuously check every technical detail of it, yet this is what you expect of average computer users.
It's like a war between highly funded, heavily armed, well trained green-berets and ordinary civilians; you think it's a fair fight?
the 6th sense (Score:5, Funny)
Crowe: In your dreams?
Cole shakes his head
Crowe: While you're awake?
Cole nods
Crowe: Dead people like in graves and coffins?
Cole:
Crowe: How often do you see them?
Cole: every time I go to Europe, (pause) they're everywhere...
Hooray for the Internet (Score:5, Funny)
zergs (Score:3, Funny)
not rocket science (Score:5, Interesting)
Assuming the same level of spread of Internet access, the EU should have 1.5 times more zombies than the USA.
The site mentioned in the article shows that in May, EU had 1320985 zombies and the USA had 964020. That means the EU has 1.37 times the zombies of the USA, despite having 1.5 times more people.
In 2004, Internet usage rates were at 47% in EU and 52% in the USA.
Conclusion: the zombie rates don't vary between USA and Europe. Population, on the other hand, does vary. Therefore, you can expect the EU to continue to have more zombies than the USA. Also, as China's and India's internet usage grows, they will probably pull ahead in the stats.
Disclaimer: The numbers were pulled from various sites online using Google for searching. If someone has conflicting figures one way or the other, I wouldn't be surprised.
Re:Why is this so? (Score:5, Insightful)
Re:Zombies...? (Score:4, Funny)