Attack of the Zombie Computers


In his latest column, Declan McCullagh, author of Reason's newsmaking June cover story on "the databasification" of America, writes about "zombie computers" that are responsible for massive amounts of spam email.

Zombie computers arise when spammers seize on bugs in Microsoft Windows–or from naive users who click on attachments–to take over PCs and transform them into spambots. No hard numbers exist, but some estimates say that about one-third of spam comes from zombie computers with broadband connections. The owners of the zombie PCs typically don't even notice what's happening.

High-speed access provider Comcast has been fingered as one of the–if not the–main culprit in zombification, due to its treatment of outgoing mail. McCullagh reports that "the Internet's biggest spammer is finally trying imaginative ways to save our in-boxes from its subscribers." The story underscores that, pace lawmakers, the fix for spam will be techonological, not legal. (McCullagh recently wrote about how laws attempting to govern Internet-based communication, including spam, typically go wrong here).

Imagining a world without spam raises the question: What will we do with all the time we used to spend deleting Paris Hilton video pitches, ads for Cial*s, and all those fabulous investment opportunities from the relatives of deposed African dictators?

Reason chewed over the spam issue here.

NEXT: Knocks Sy Hersh Into A Cocked Hat!

Editor's Note: We invite comments and request that they be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of or Reason Foundation. We reserve the right to delete any comment for any reason at any time. Report abuses.

  1. Jeff-

    “me as a Mac user, it seemed easier for me to jump into Windows than it was for some of our newer R&D staff used to Windows when they had to deal with Macs.”

    You go that right, I feel retarded every time I need to use a mac. Where did they put the second mouse button?

  2. For those with broadband, an even better option than software firewalls like ZoneAlarm is the use of a hardware firewall or router (not the same thing). Most of the home networking routers have a type of firewall built in. With most setups you can use them (unless you have the USB DSL modem or Cable Modem. Places like have quite a bit of useful information on protecting your home computer from malware.

  3. There have been vulnerabilities in the past with ZoneAlarm as well. If you use it, make sure that you visit their web site often and keep up to date with any patches or other potential problems. I’ve used it and it is a good product.

    I’ve had an “always on” connection of some sort (cable or DSL) for quite a few years now. I’ve always made a habit out of disconnecting the cable while I’m not using the computer.

  4. Simple tip for Mac users: Don’t do your Internet access as a user with admin privileges. The less of the filesystem your active account can get at, the safer you are.

  5. Did I read correctly above that my Linksys wireless router has a hardware firewall, too? Can I turn Zone Alarm off?

  6. Jason,
    Check the specs of your exact router, but most wireless routers do act as a firewall. If it does, then you do not need ZoneAlarm. In fact, your router will do a better job in general. Hardware firewalls are, on average, better than software ones.

  7. Mac users have no excuse not to run the built-in firewall. Turn it on in the “sharing” control panel. It seems like Microsoft should provide this level of intigrated convinience – this would benifit everyone.

  8. girl,
    Not sure what other versions of the OS have the feature, but XP and, IIRC, Windows 2000 have a built in firewall that is extremely easy to turn on. It’s not as good as 3rd party versions, but it works.

  9. Um, yeah, the proxy spammer, or “zombie computer”, sucks. I was an unwitting victim last year. I have a cablemodem with Adelphia. One day, without warning, the connection dies. Given that Adelphia’s system is buggy sometimes, I let it be…except this time, it never came back. So I called Powerlink customer service. I sat on the phone for an hour, then the kid, after doing all sorts of diagnostics, tells me my account has been “flagged”, and I needed to call their “internet policy enforcement division”, which sounded like Ace Ventura, Net Detective. I call them the next morning (pesky detectives don’t like to work late hours), and they told me that I had been sending spam, so they shut my account down.

    I told them I had no knowledge of this, and they told me I had 24 hours to stop it, or my account would be cancelled, permamently. I downloaded various search-and-destroy programs, and finally found a backdoor trojan, which had allowed a hacker to install an inconspicuous proxy spammer on my computer. I don’t think I was ever actually able to erase the trojan completely…what a bitch! But I got a good firewall, and found the spamming program and deleted it (had to do it from safe mode). My account was reinstated, all was well

    4 or 5 days later, I get a letter in the snailmail alerting me that my account had been temporarily suspended. That’s what gets me, the fools at adelphia had my phone number and my e-mail address. They could have contacted me in a better manner…instead, I get a letter notifying me of my situation, a week after it’s already resolved.

    Now, they’re using my address as a return-addy, not my computer. I keep getting “undeliverable mail” messages referring to stuff I never sent.

    SPAM itself might be legal, but this crap surely isn’t…or shouldn’t be.

  10. There needs to be a protocol where any solicitation of money must have a verifiable return address or no money can get to it. The verification would have to be something that could not be relayed.
    For the pests, I say transfer all anti-drug law enforcement to anti-viruser enforcement for 5 years. Find some way of insuring the culprits never ever have access to the internet again.

  11. Anti-spam ideas have gotten so common on Slashdot that they’ve come up with a form to deal with them.

    Comcast’s solution is one of the few that hasn’t been so ridiculed. On the other hand it has the following problems:

    -They’ll use it to go after people who run their own mailservers, admittedly contrary to their user agreement, but in a non-destructive capacity.
    -It will likely be handled by low-level types here or abroad who will be prone to misidentifying computers and not responding…for example, I’ve read of one case already where someone was accused of having a Windows trojan–but he ran Linux. The script monkey on the other end of the phone wouldn’t let him have his connection back until he installed windows and donwloaded and applied the patch (then promptly erased it and reinstalled Linux).

    I am just waiting for the day when they tell me that my Mac has MS Blaster on it.

    One side note: in defense of Adelphia, if they were notifying you of disconnecting your service, Evan, an e-mail would likely not arrive. And the laywers say such things must be in writing, so they can’t call. So it’s the government-run monopoly as their only option.

  12. I’m using SpamArrest in combination with Mac’s Mail client, which features a “Bounce” button that supposedly makes it appear to spammers that my address is invaild. There’s some sweat equity involved, but I’ve cut my portion of spam down by at least 95%.

    Another technique I’ve used is to receive email on one address but send on another. I’m not sure exactly why this helps, but it seems to.

  13. Simple fix, don’t be so damn naive. Get a firewall, ZONEALARM is free and good. Get a trojan/spyware detection program, ADAWARE is free and good. Run the firwall always, run the spyware detector weekly. Learn to take care of yourself and we will all be better off.

  14. matt –

    Good points, although Mac OSX and Windows have different vulnerabilities, there are analogous techniques and doodads for each operating system. Windows is obviously more of a target due to its market share, but now that Mac has an open source kernel, I suspect it will start picking up its share of nasty bugs – much moreso than previously.

  15. I can’t seem to get zonealarm to work if I’m connected for online gaming. I have to shut it down. Do you know of a way around that, matt?

  16. The thing that’s recently struck me is that, as a Mac user, I am still vulnerable to email virii or Trojans that attack Microsoft systems via email, as the sheer bulk of messages they generate bogs down servers making it impossible for me to send or receive email.

  17. A good firewall will protect you from almost anything, irrespective of your OS. When sobig was running around ZONEALARM bounced all the probes I got. If for some reason you do get infected (downloading bad software and so forth) a good firewall will tell you when a new program is trying to get out and will prevent it from doing so. It is then trivial to disinfect your computer. I can’t say enough about ZONEALARM. I haven’t run anti-virus software in over 6 years. Jeff, your right. MAC users are about to get a taste of what windows users have been dealing with for some time.

  18. Spamming should never be a freedom of speech or right of access issue because it involves taking resources that don’t belong to you. It is reasonable to assume that you have a right to email someone with a legitimate email, but to assume that you can bombard them with advertisements is presumptuous and the thought pattern of a thief.

    Bandwidth, server space and server clock cycles aren’t free. When you spam someone’s service provider you are costing that provider money spent on ensuring that their network is powerful enough to handle your traffic so that legitimate traffic gets through. Spamming, when well defined, should definitely be a civily actionable offense.

    The good news is that several major companies are working on new email verification protocols which should make it harder for people to spoof their IPs. Also, for those that want security on their desktop, Fedora Core 2.0 is out at It’s a great Linux desktop distribution.

  19. Jason-

    Zonealarm seems to have problems with certain applications. There are other good free firewalls out there you could try.

  20. matt – I have a firewall in addition to the one embedded in the operating system, but I am not familiar with Zonealarm. It’s a software firewall, correct? Is it crossplatform? I seem to remember reading about some great firewall software that runs under java.

  21. Mike-

    I don’t see using alternative operating systems as a viable long term security solution. I’m a computational chemist so I work on several of the large national lab’s computers. As you may know several of them were hacked recently (including the large DOD cluster at Maui) resulting in most of them going offline and all accounts being reset. They were all running some version of linux. I run a windows and a linux machine at home. At work I use a linux and a mac machine. They all have there advantages and drawback but windows far and above scores with convenience and compatability. They price of the convenience of windows is a bit more vigilance.

  22. Jeff-
    Zonealarm is software. I doesn’t look like they have a MAC version. As I understand it the new mac os is unix based so there has got to be some freeware firewall out there. I’m not aware of any java firewall. Using the OS firewall is what got everyone in trouble with sobig. It wouldn’t hurt to invest in a hardware firewall. There are many fewer was to compromise these compared to software.

  23. Matt-

    All OSes have vulnerabilities, but Windows takes more effort (ZONEALARM, et. al.) for newless clubies to get it to a semisecure state, and has many more vulnerabilities that affect the home user (who isn’t running large custom programs with server-based software).

    So for the *desktop user*, switching operating systems is a good way to not contribute to the problem. I haven’t used the new Fedora Core, but probably they boot up with fairly few exploitable features activated.

    That being said, transition costs will keep a lot of people away from it. However, given that Microsoft Office is still available on the Mac and that OpenOffice is coming along nicely on Mac and Linux (and Windows), as well as the fact that most people upgrade their PCs every couple of years and have to buy new versions of software anyway (if they’re legal), those transition costs are relatively less.

  24. Matt,

    With the work that the NSA is doing on SELinux, we are moving toward a more genuinely secure Linux. Fedora Core 2.0 is the first mainstream distro to make SELinux a default installation option for desktop users.

    You’re right that non-Microsoft OSes are not a security panacea by any stretch of the imagination, but they usually provide good security that Windows doesn’t seem to. What we need is to greatly increase the pervasiveness of encryption online. I’d like to see a movement toward encrypting all data sent across the network and more money spent on projects like SELinux.

  25. matt –

    Well, although I’ve never found Windows particularly “convenient,” – I think the better term is “ubiquitous,” or possibly “inescapable” – like it or not, the majority of heinous bugs are written for it, much corporate and organizational email, middleware and file servers run on and for it and are subject to its many holes and vulnerabilities, and most people’s desktop machines feature it and its client apps. As long as they are all connected to the ‘Net, as goes Windows, so go we all.

  26. Mike –

    I’m not quite as technically savvy – I’d describe myself as a superuser. What hardware considerations would need to be made as far as internet infrastructure, do you think?

  27. Jeff-

    I’m sure that I am about to step in it but, Windows is convenient. It is easy to install and likewise software is easy to install. My wife and mother could do both. I just finished putting RedHat9 on my other computer at home. It was not really all that easy. There was also all the software that went on afterward. Most of it needed to be compiled and the installation isn’t straight forward. There is no way in hell either my wife of mother could have done that, even with support. I like windows, XP hardly crashes. Neither my linux or mac computers have that many problems, however, they have more than my windows machine. Windows is expensive and it is always trying to call home, the copyright protection stuff is also a pain. But, I was able to build the computer it is on just the way I like. Can’t do that with a mac. Come to think of it, with the proprietary hardware and OS you would think a mac would be rock solid. This isn’t my experience. You are right that a large amount of window’s convenience is due to it’s market share. I still think it is a good OS.

  28. matt –

    As far as usability of OSes, I think it’s what you grow up on. I came out of education, so I grew up with Macs and learned to love their flexibility, that is, when you install something or open or transfer files, generally, the user decides where to put things and how to set them up. As a sometime musician and website designer, those aspects are key.

    Windows tends to put things where it wants to put them, everything run by wizards, which many users do find convenient. But to others that “convenience” is the same kind we all enjoyed when there were no choices of phone companies. Not having to choose among a myriad options saves time and effort, but when I went into the corporate world for a time and into a Windows environment, it felt to me as if the machine was running me, rather than the other way around. I did notice that for me as a Mac user, it seemed easier for me to jump into Windows than it was for some of our newer R&D staff used to Windows when they had to deal with Macs.

    Anyway, since we’re all on the ‘Net, what happens to one OS tends to affect us all, particularly with regard to spam and email-borne bugs. Even though my machine isn’t vulnerable to Windows-targeted spyware, Trojans, etc., it certainly does affect me when the servers I used get bogged down or my inbox gets clogged.

  29. how exciting! i have really enjoyed reading this post. you guys have built a great community!

Please to post comments

Comments are closed.