Europe Home to Majority of Zombies 357
Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."
Thank God (Score:5, Informative)
That isn't what the Zombie Meter says... (Score:5, Informative)
Re:This might give us a hint ... (Score:2, Informative)
Re:I'm surprised there isn't a RBL for zonbies yet (Score:3, Informative)
- Network usage is the easiest to monitor since it's little more than a script pointing out that a host is attacking other machines over port 445 or connected to port 6667. Just being on IRC or sharing your printer won't set off the scripts since they not only monitor raw traffic but also watch how quickly new connections are being made and such. I should mention that we allow anyone to run anything on this network with no maximum bandwidth usage, provided it's all legal (so an open Gnutella port means nothing, lots of traffic over DC++ is fine, downloading tens of Gigabytes over BitTorrent is fine - we don't care until the copyright violation letters roll in).
- Back on topic, our firewalls monitor evidence of port scanning. This is something you'd better not get caught doing since they're so destructive to the network (I.E. something like a network-aware electron microscope or CAT scanner will often crash if you send fragmented SYN packets at it, so don't).
- And best of all we not only implement PureMessage and antivirus filters on our IMAP and POP3 servers, we have two SMTP servers (one for residents, one for everything else) and all outgoing SMTP must go through those (and IIRC you must authenticate to the SMTP server as well). We realised we had no choice but to implement a very strict system like this when AOL blocked @ncsu.edu!
When we detect a machine that's been compromised it gets blocked automatically. It's nice that in the case of a resident getting blocked we send emails to both that student and their roommate as we (currently) have no way of knowing whose machine we've blocked. If they need help we've got great support.
Why don't all ISPs have strict policies like this? AOL was shown in an earlier article to be home to more compromised hosts than any other. Maybe they should start blocking MACs of known compromised hosts and better integrate antivirus software into the Win32 software. Best yet would be to automate a phone call to the household that has been blocked as soon as it happens to alert the customer that and why they've been temporarily blocked.
How hard could it really be to include Stinger on those AOL CDs?
Re:SPF & Sender ID (fixing SMTP) - RBL for zom (Score:1, Informative)
The other issue is that there is a lot of nastyness done with zombies, such as Wiki-spamming (This is a popular target [wikipedia.org]), DDOS attacks, and what not that SPF doesn't address at all.
Proportions of Zombies (Score:3, Informative)
China has a population of about 1.3 billion. The USA has a population of about 295 million. South Korea has a population of approximately 48 million, less than a fifth that of the US, and under 1/20th that of China, yet it has about half the number of zombies of the US.
Proportionally South Korea is by far the worst offender on the list.
How difficult is it to keep your OS up to date and run virus scanners?
The "May Top 10" chart on CipherTrust's web site of course features the "European Union", yet on the same list we see Germany, France, UK and Spain, all member states of the EU.
Look at the numbers... (Score:1, Informative)
EU : 457million
USA: 296million
Zombies in May:
EU : 26.16% (1320985)
USA: 19.08% (964020)
So, zombies per capita:
EU : 0.00289 (1 zombie per 346 people)
USA: 0.00326 (1 zombie per 307 people)
Sources:
http://www.cia.gov/cia/publications/factbook/rank
http://www.ciphertrust.com/resources/statistics/z
Re:I'm surprised there isn't a RBL for zonbies yet (Score:3, Informative)
There is [spamhaus.org].
Re:isn't surprising (Score:2, Informative)
That being said, according to TFA, The origin of the zombie machines may change on a daily basis as machines can be infected anywhere in the world. CipherTrust has found that during April and May, the largest percent of zombie originations have alternated between China and the United States. In addition, during the first three weeks of May, approximately 26% of daily new zombies originated in the European Union, so let's not jump to any conclusions about Europe's supposed backwardness here. The figures may very likely show an entirely different picture again tomorrow, as they apparentely did just a few weeks ago.