Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Spam IT

Europe Home to Majority of Zombies 357

Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."
This discussion has been archived. No new comments can be posted.

Europe Home to Majority of Zombies

Comments Filter:
  • ... as to where the evil clerics are.
  • by Seumas ( 6865 ) on Wednesday June 01, 2005 @09:58PM (#12701406)
    This has been obvious to me ever since Wolfenstein 3D almost 14 years ago.
  • Unbelievable (Score:5, Interesting)

    by SamMichaels ( 213605 ) on Wednesday June 01, 2005 @10:01PM (#12701438)
    This just goes to show that no one knows where spam and zombies reside. Everyone's "research" (obviously riddled with bias) says it's some place else.
    • I don't read it that way. 20% US and 26% EU is roughly proportional to population.
      • What about China? Considering how few people can actually afford a Computer with an Internet connection there one might tend to believe 100% of Chinese computers are 0wned!

        (If not by hackers then by the government ;-)
  • by jrivar59 ( 146428 ) on Wednesday June 01, 2005 @10:02PM (#12701440)
    Voud u like to touch my zombie?
  • Solution... (Score:5, Funny)

    by da3dAlus ( 20553 ) <dustin.grau@REDHATgmail.com minus distro> on Wednesday June 01, 2005 @10:04PM (#12701451) Homepage Journal
    Call in Shaun of the Dead!

    Ed: Any zombies out there?
    Shaun: Don't say that!
    Ed: What?
    Shaun: The "zed" word. Don't say it!
    Ed: Well... are they any?
    Shaun: I don't see any. Maybe it's not as bad as all that.
    Shaun: Oh, no wait, there they are.
  • Thank God (Score:5, Informative)

    by Chemical ( 49694 ) <nkessler2000@hotma[ ]com ['il.' in gap]> on Wednesday June 01, 2005 @10:06PM (#12701458) Homepage
    I expected something like this might happen some day, but I'm ready, thanks to this [amazon.com]. Bring it on!
  • by colinemckay ( 610522 ) on Wednesday June 01, 2005 @10:08PM (#12701469)
    Top 10 includes the US at 28.5%. No EU country is in the top ten list. "during the first three weeks of May, approximately 26% of daily new zombies originated in the European Union, including 6%, 5% and 3% of new zombies originated in Germany, France and the United Kingdom, respectively." That's NEW zombies. The EU share of zombies is increasing, but it isn't the major source (yet).
  • The Remedy (Score:3, Funny)

    by SparksMcGee ( 812424 ) on Wednesday June 01, 2005 @10:09PM (#12701472)
    Whether hacked computers and their clueless users or hideous undead out for brains, nothing beats the tried and true shotgun.
  • by TheNarrator ( 200498 ) on Wednesday June 01, 2005 @10:09PM (#12701474)
    550 <cleric@darkcastle.com>: Recipient address rejected: cleric casts repel undead at spam zombie;
  • (filler)
  • by Anonymous Coward on Wednesday June 01, 2005 @10:11PM (#12701486)
    Back in the 1990s, Spam was a big problem. The problem was that a number of ISPs would ignore Spam complaints, or would even encourage spammers to be on their networks. Once enough ISPs refused to listen to complaints, Paul Vixie started the Realtime Blackhole List, which would allow people to find out if a given IP was blacklisted, and refused to receive email from a blacklisted IP.

    I worked at Netcom when we ended up on the RBL. We did not have strong Spam protection; for example, our credit card verifier did not contact the credit card company before giving someone internet access. Even after being placed on the RBL, management was unwilling to expend the resources needed to stop our Spam problem; they thought the RBL would just go away. Meanwhile, the number of people calling or emailing technical support doubled because they could not send mail increased (I helped make some graphs showing the increase in emails to tech support to convince management that this was a real problem). It took months for management to wake up, smell the coffee, and make it harder for spammers to get throw-away accounts on Netcom's network.

    (For NANOG regulars at the time: It was I who wrote the "Keman-bot")

    A similiar list needs to be set up; if a given ISP has zombies and does not cut off said zombies from the internet, the ISP needs to be blacklisted RBL style. Maybe then management will do something about the zonbie problem--such as cutting of zombie machines from the internet (redirecting all HTTP queries to a "You're a zombie so we cut you off page" for example).
    • At the ISP where I work we've got an approach something like this. We've got scripts running that analyze network usage, watch for port scanning, and regulate email.
      - Network usage is the easiest to monitor since it's little more than a script pointing out that a host is attacking other machines over port 445 or connected to port 6667. Just being on IRC or sharing your printer won't set off the scripts since they not only monitor raw traffic but also watch how quickly new connections are being made and
      • Back on topic, our firewalls monitor evidence of port scanning. This is something you'd better not get caught doing since they're so destructive to the network (I.E. something like a network-aware electron microscope or CAT scanner will often crash if you send fragmented SYN packets at it, so don't).

        If its possible for script kiddies to crash CAT scanners by doing port scans from your ISP then:-

        1. The person who connected the CAT scanner to the Internet (or any untrusted network) should be sacked.

        2.

        • 2. The vendor of the CAT scanner should provide a software update that stops such a critical piece of equipment from being so fragile and/or be sued for not fixing defective equipment.


          It depends on how the TCP/IP stack was implemented

          Just about all embedded systems use a BSD derived TCP/IP stack.

          And for efficiency some network hardware drivers simply have function pointer arrays indexed by a 'type' fields with no bounds checking. So a packet with a data length one more bytes shorter than the size expec
    • Depending on who will use it. The largest zombie farms are also the largest ISPs, and the only thing that gets their attention is a massive block of all email from them by other large ISPs (including corporate email).

      The CBL (included in the sblpxbl.spamhaus.org list) lists a lot of viruses/zombies, but it is designed to be corporate safe and not hurt the ISPs themselves.

      SPEWS, OTOH, is designed to inflict maximum pain,
    • The spamhaus xbl [spamhaus.org] is meant to be an RBL of spam zombies.
    • I'm surprised there isn't a RBL for zonbies yet
      There is [spamhaus.org].
  • duh (Score:5, Interesting)

    by SuperBanana ( 662181 ) on Wednesday June 01, 2005 @10:24PM (#12701543)

    I was working on the mail server today, and going through logs tracking a clamav/amavis problem.

    I started to notice that...one...after...another...the buggers were connecting. We're not even a very big site (just got a bunch of mailing lists). The DNS names were xxx-yyy-zzz-aaa.(something).(insert european country code).

    They outnumbered legitimate connections easily 5:1 or more, and the sessions all consisted of:

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    Every single one would try and send between 3 and 5 messages before finally realizing it wasn't going to work, and disconnecting. It's irritating, because we do actually run a couple of DNS blacklists, but it seems a lot of european systems aren't on them.

    When are we going to stop taking the "oh, we'll just filter it" attitude? Feels like all we've accomplished in half a decade is to do spammer's work for them and make users complacent by hiding all this shit from them. It's a classic white elephant problem if I ever saw it...

    • Re:duh (Score:5, Insightful)

      by DigitalRaptor ( 815681 ) on Wednesday June 01, 2005 @10:42PM (#12701636)
      What we need is for Postfix to have a built in ability to report IP addresses to which it responds "take a flying leap", once per day, and for the top 1,000 of those IP addresses to be included in a report.

      As a safety measure, the IP address has to be reported by X number or percent of the participating Postfix hosts to be considered valid.

      Any IP address is added for a short period of time, say 72 hours, so if it's a machine that is hacked and quickly fixed the IP isn't blacklisted forever.

      It seems like a distributed, real-time system like this would be effective.

      • Sadly, many connections don't give fixed IPs. It would be extremely frustrating to find myself blacklisted because I happened to get an IP that belonged to some nimrod yesterday.

        I think that the problem is better solved closer to the zombie, by their ISP cutting them off, and reserve the global solutions targeted at those ISPs who don't appear to be making an effort.
        • I don't think port 25 should be open for a single IP address on the planet.

          That alone would eliminate 90% of SPAM out there, and place the responsibility squarely on the shoulders of the ISP's to lock down their mail servers and cut off offending accounts.

        • Ditto here. The whole 'fixed IP' thing over here (.ch) is, in my opinion, a racket growing out of a sad situation (lack of enough IPs to go around.) To get a static, a lot of ISPs will charge you an arm and a leg each month for a "business" connection. Blow me.

          Frankly, I don't like the idea of having my mail sitting on an ISP's box, pgp or not. I realize that anyone with half a brain and an ounce of adaptability can still intercept, but it makes it just that smidgeon more difficult. Cutting off TCP/25
      • Re:duh (Score:5, Interesting)

        by v1 ( 525388 ) on Wednesday June 01, 2005 @11:09PM (#12701754) Homepage Journal
        unfortunately, the spammers are not benieth attacking focal points of anti-spam activity. dnsrbl.com is down because it was hammered by a coordinated DDOS for an extended period of time, burning up their funds with bandwidth charges. The spammers may be cutthroat self-centered lowlifes, but they can recognize and coordinate against a threat very effectively when they have a few hunderd thousand zombies each to do their bidding.
        • Re:duh (Score:3, Interesting)

          by zippthorne ( 748122 )
          ahh.. seems like the perfect application of P2P.. or at least massive mirroring: make the postfix clients aware of each other (or a bunch of their nearest neighbors) and mirror the list. If one goes down, send the request to another one. Check all neighbors for updates and new neighbors every so often and merge the new data into the local list, deleting expired changes. New addresses could get pushed to the web by simply ammending their own list, when their neighbors d/l it they will propogate the changes.
  • Europe Home to Majority of Zombies

    Which explains the smell.
  • by Y-Crate ( 540566 ) on Wednesday June 01, 2005 @10:35PM (#12701610)
    Everybody knows '28 Days Later' started out as a warning about the dangers of spam.
  • by dark grep ( 766587 ) on Wednesday June 01, 2005 @10:36PM (#12701612)
    From the very start we (an ISP) have told our customers they are responsible for the proper use of their computers. If you own a car and drive it into a schoolyard and kill someone's child, it is not an acceptable defence to say "Shucks, I didn't know how to drive, not my fault".

    So too, if you own a computer and want to be part of a community of connected computers, not bothering to inform yourself of how to do that does not excuse your responsibility for whatever damage your computer causes.

    So what we do to spam zombies is:

    a) block them totally and stop them from causing any more damage

    b) send them an email telling them how much it cost to clean up their mess (usualy around $500), and that we will bill them if they do it again

    c) only unblock them when they give us their assurance they understand what the future costs may be an will never allow it to happen again

    d) permanently disconnect them and bill them the full amount of sysadmin and helpdesk time and materials of they allow it to happen again.

    It's a really tough line, sure, we have lost maybe 3 customers as a result in 18 months (average spend per customer is $34 per month), out of 20,000. But it is far, far cheaper that the cost of just letting it happen unchecked.

    • Question: if you've totally blocked thier acces - how do they get the email telling them to clean up their act?

    • by mwvdlee ( 775178 ) on Thursday June 02, 2005 @06:02AM (#12702874) Homepage
      So how are they supposed to know how to protect their systems?

      Truth is that most of us trained full-time IT professionals don't completely know how to keep our systems clean, so you can't expect a user to do so.

      It's more like a car causing an accident because somebody sabotaged the breaks. Not every driver is supposed to understand how their car works internally, let alone continuously check every technical detail of it, yet this is what you expect of average computer users.

      It's like a war between highly funded, heavily armed, well trained green-berets and ordinary civilians; you think it's a fair fight?
  • by MasterSLATE ( 638125 ) on Wednesday June 01, 2005 @11:03PM (#12701719) Homepage Journal
    Cole: I see dead people...
    Crowe: In your dreams?
    Cole shakes his head
    Crowe: While you're awake?
    Cole nods
    Crowe: Dead people like in graves and coffins?
    Cole: ...They don't know they're dead
    Crowe: How often do you see them?
    Cole: everytime I go to Europe, (pause) they're everywhere...

  • by mcc ( 14761 ) <amcclure@purdue.edu> on Wednesday June 01, 2005 @11:05PM (#12701727) Homepage
    Man. If you could go back in time to 1980 and tell everyone that in 25 years, European governments would be spearheading an initiative called "Operation Spam Zombies", and that this name was not in any way meant to be humorous, the looks on peoples faces would be priceless.
  • well, duh. where do you think transylvania is?
  • zergs (Score:3, Funny)

    by Lord Omlette ( 124579 ) on Wednesday June 01, 2005 @11:18PM (#12701796) Homepage
    Guns are outlawed in most of Europe, right? How will they defend themselves?
    • Well, let's see...

      No guns in a lot of it. Scottland wants to outlaw swords. Some doctors in England want to outlaw long, pointy chef's knives (no, I'm really not kidding)...

      that leaves two options:
      The fish-slap dance (a la Monty Python)
      OR
      Cricket Bats and records =]
      • Some doctors in England want to outlaw long, pointy chef's knives (no, I'm really not kidding)...

        Why should you be kidding? Chef's knives are hardly playthings. They're extremely sharp and can be put into a vital organ and do fatal damage with minimal effort.

        Even successfully putting up an arm to defend yourself against an uncoordinated attack could see an artery severed or a couple of fingers lost.

        I'm not a medical expert, but at close range I'd give an even chance to surviving an attack from

    • Simple: we just borrow a SMG from our local drug dealer.
    • Re:zergs (Score:3, Funny)

      by bursch-X ( 458146 )
      Europe has the most deadly strike force on earth:

      British hooligans.

      Just tell them the zombies are from the 'other' team and the matter is sealed.
  • flawed study (Score:3, Interesting)

    by Eugene ( 6671 ) on Thursday June 02, 2005 @12:02AM (#12701912) Homepage
    from TFA:

    "Using a tool that can track zombie machines, CipherTrust found that 26 per cent of them were hosted in European countries, with most of them in Germany (six per cent), France (five per cent) and the UK (three per cent)."

    so now the article establied that the *most* infected country is Germany, with is 6%. now the immediate next paragraph:

    "The company's ZombieMeter found that hackers were hijacking around 172,009 computers every day. Approximately 20 per cent of those machines were based in the United States, and 15 per cent were found in China. CipherTrust did not provide details of where the attackers resided."

    and US account for TWENTY percent compare to Germany's SIX percent. Even China's FIFTEEN percent is higher. I don't mind it do a country by country comparation, or even a continent by continent. I wonder what's the overall percentange if you really compare it continent to continent. I wonder what's the overall percentage of Americas, Europe, and Asia is...

    but IMHO grouping Europe all together and compare it against nations like US and China is just wrong.

    • you don't mention the growth of number of zombies in the EU.

      if group A is 30% big and group B 70%, group B is bigger.
      if group A is growing at a rate of 50% and B at 10%, A eventually will get bigger.

      since your quote doesn't mention growth in the EU you just can't compare them based on growth.
    • Also, they are very likely tracking by IP address.
      And at least in Germany almost(*) every home user gets a dynamic ip adress (usually disconnected after 24 hours),
      so it is also very likely that the same zombie machine shows up more than once in that statistic.


      (*) I think most ISPs don't offer them or only as part of higher priced business subscriptions.
      And I'd wager those few people who go through all the trouble and pay extra for a static address for whatever reason
      are probably more knowledgable a
  • they are all zombies with all their legalized weed smoking and techno trance listening
  • A continent has more zombie PCs than a country ...
    Shocking that ..
    http://www.ciphertrust.com/resources/statistics/in dex.php [ciphertrust.com]
    Event hough the statistics infact disagree with the report..
    I think we have some odd reporting here , IT should be that may saw the largest rise in Zombie PCs in Europe .
  • by JaF893 ( 745419 ) on Thursday June 02, 2005 @02:01AM (#12702243) Journal
    I for one welcome our new Zombie overlords.
  • Such a "study" is merely a measurement of broadband penetration. There is no relevancy in grouping trojaned PCs per country, continent, or whatever, and not doing the same with the secured and uncompromised systems.

    Maybe their next study is going to point out that the majority of torjaned systems run Windows XP?
  • Europe Home to Majority of Zombies

    Well, of course. Just ask Shaun [imdb.com] about them!
  • by Archibald Buttle ( 536586 ) <steve_sims7@yaho[ ]o.uk ['o.c' in gap]> on Thursday June 02, 2005 @03:45AM (#12702526)
    As ever there are lies, damn lies and statistics.

    China has a population of about 1.3 billion. The USA has a population of about 295 million. South Korea has a population of approximately 48 million, less than a fifth that of the US, and under 1/20th that of China, yet it has about half the number of zombies of the US.

    Proportionally South Korea is by far the worst offender on the list.

    How difficult is it to keep your OS up to date and run virus scanners?

    The "May Top 10" chart on CipherTrust's web site of course features the "European Union", yet on the same list we see Germany, France, UK and Spain, all member states of the EU.
  • not rocket science (Score:5, Interesting)

    by macpeep ( 36699 ) on Thursday June 02, 2005 @04:01AM (#12702565)
    EU has 460 million people. USA has 300 million people.

    Assuming the same level of spread of Internet access, the EU should have 1.5 times more zombies than the USA.

    The site mentioned in the article shows that in May, EU had 1320985 zombies and the USA had 964020. That means the EU has 1.37 times the zombies of the USA, despite having 1.5 times more people.

    In 2004, Internet usage rates were at 47% in EU and 52% in the USA.

    Conclusion: the zombie rates don't vary between USA and Europe. Population, on the other hand, does vary. Therefore, you can expect the EU to continue to have more zombies than the USA. Also, as China's and India's internet usage grows, they will probably pull ahead in the stats.

    Disclaimer: The numbers were pulled from various sites online using Google for searching. If someone has conflicting figures one way or the other, I wouldn't be surprised.
  • by rudy_wayne ( 414635 ) on Thursday June 02, 2005 @05:09AM (#12702697)
    What kind of moron compares one country against a group of several countries? What kind of comparison is that? Look at the individual numbers:

    U.S. - 20%
    Germany - 6%
    France - 5%
    U.K. - 3%

    Only by lumping everyone together as "Europe" are they able to claim that the majority of zombies are not located in the U.S. Even though I live in the U.S., I find this article totally stupid.

  • Numbers courtesy of ZombieMeter and www.internetworldstats.com, 2005 estimates.

    Zombies:
    European Union 26.16% 1320985
    United States 19.08% 964020
    China 14.56% 735598

    Population:
    European Union 459,938,780
    United States 296,208,476
    China 1,282,198,289

    Zombies per person:
    European Union 0.0029
    United States 0.0032
    China 0.0006

    Internet users:
    European Union 215,765,036
    United States 200,933,147
    China 94,000,000

    Zombies per computer user:
    European Union 0.0061
    United States 0.0047
    Ch

Time is the most valuable thing a man can spend. -- Theophrastus

Working...