Don’t Get Tricked on Halloween: Federal Trade Commission, Consumer Action and Microsoft Warn Internet Users of Zombie Computers

Microsoft logs 5 million illegal commands to one quarantined zombie computer.

WASHINGTON — Oct. 27, 2005 — What evil haunts your computer? Internet users beware: Zombies are among us.

Timing their effort to coincide with national Cyber Security Awareness Month and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action and Microsoft Corp. are urging consumers to protect themselves from the threat of “zombies,” computers that are infected with malicious code so they can be controlled remotely by other people for illegal purposes. Through technological trickery, criminals can use these unconscious accomplices to send illegal spam, launch phishing campaigns to steal personal information, attack Web sites and computers, or engage in other illegal activity.

Unlike the zombies of B-movie imagination, which are easily identifiable by their typically gruesome appearance and menacing groans, zombie computers are silent stalkers. People who use the Internet may never know that their computers have been compromised and turned into a conduit for sending millions of pieces of illegal spam or facilitating other illegal activity. More than half of all spam is sent through infected computers, according to industry reports. (A graphical explanation of how zombies operate is available at www.microsoft.com/presspass/features/2005/oct05/10-27Zombie.mspx

To combat the zombie threat, Microsoft today revealed some of the technological and legal maneuvers it has used to unmask the individuals using several zombies to send spam. Microsoft investigators intentionally created a zombie computer, quarantined it to prevent it from actually sending spam messages, then carefully watched it for 20 days while investigators tracked and traced all Internet communications through the infected computer.

The statistics the investigators compiled were staggering. In less than three weeks, this single zombie received 5 million connection requests from spammers and 18 million spam messages advertising more than 13,000 individual Web sites. Evidence gathered in this exercise contributed to a lawsuit that has now identified 13 different spamming operations.

“The widespread use of zombie computers to commit crimes over the Internet presents a very real danger to law-abiding computer users,” said Tim Cranton, director of Internet Safety Enforcement Programs at Microsoft. “This is precisely why Microsoft initiated this investigation into zombies and took legal action. As a result, we have identified more than a dozen spamming operations exploiting zombie networks to send millions of illegal spam messages. We will continue our investigations and will maintain a steady, concerted effort to identify and target criminals to help make the Internet safer.”

The FTC, a federal consumer-protection agency on the forefront of the fight against cybercrime, has also intensified its efforts against zombies. Its “Operation Spam Zombies” with 35 government partners from more than 20 countries encourages Internet service providers (ISPs) to take zombie-prevention measures. The goal is to identify spam zombies and urge the providers that are hosting them to implement corrective measures. This month the FTC also launched OnGuardOnline.gov, a Web site that provides tips, articles and videos for computer users to help protect themselves and their information from online threats.

“Many computer users do not realize that hackers are using their machines to send bulk e-mails by the millions,” said Lydia Parnes, director of the Bureau of Consumer Protection at the FTC. “We are pleased that industry leaders are stepping up their efforts to protect computer users from costly, annoying and intrusive spam zombies.”

Other than sometimes creating extremely sluggish Internet connections and dramatically slowing overall computer performance, zombie computers show few recognizable signs of their infection. It has become increasingly important for computer users to protect their systems to every extent possible.

Ken McEldowney, executive director of Consumer Action, said people can take steps to protect themselves, but that raising awareness of the threat of zombies is a first step.

“You can learn how to protect yourself from these insidious threats,” McEldowney said. “We always stress safety around Halloween. This October, we want to emphasize online safety, too. There are some simple things people can do to help protect their computers, and we’re encouraging people to take those steps.”

Internet users should follow these steps to prevent their computers from becoming zombies:
• Use a firewall to help protect their computer from hacking attacks while it is connected to the Internet
• Get computer security updates or use the Automatic Updates feature to help shield their computer from viruses, worms and other threats
• Use up-to-date anti-virus software to help protect themselves from new threats
• Get anti-spyware software, and beware of trickery to get them to download and install unwanted and sometimes destructive software, such as music or file-sharing programs and free games
• Be cautious about opening any attachment or downloading files, and never open attachments from people they do not know

Computer users can find more online tips to better protect their computers at the FTC’s Web site http://OnGuardOnline.gov and at http://www.microsoft.com/athome/security.

About the Federal Trade Commission

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.

About Consumer Action

Consumer Action (www.consumer-action.org) is a non-profit, membership-based organization that was founded in San Francisco in 1971. Since then, Consumer Action has continued to serve consumers nationwide by advancing consumer rights, referring consumers to complaint-handling agencies through our free hotline, publishing educational materials in Chinese, English, Korean, Spanish, Vietnamese and other languages, advocating for consumers in the media and before lawmakers, and comparing prices on credit cards, bank accounts, and long distance services.

About Microsoft

Founded in 1975, Microsoft (Nasdaq “MSFT”) is the worldwide leader in software, services and solutions that help people and businesses realize their full potential.

Microsoft is a registered trademark of Microsoft Corp. in the United States and/or other countries.
The names of actual companies and products mentioned herein may be the trademarks of their respective owners.

Contact Information

Waggener Edstrom

Rapid Response Team

Microsoft Corp.

Contact via E-mail