By Vineetha Menon
The EMEA region is still the leading source of all zombie IP addresses, hosting 45% of all active zombie computers in the world, a recent State of Spam report from Symantec revealed.
‘Zombie’ is a term given to a computer that has been compromised and is currently being used for various criminal activities such as sending spam, hosting websites that advertise spam or malware, and acting as DNS servers for zombie hosts.
The region of Europe, Middle East and Africa was first recognised as the leading source of all zombie IP addresses in September last year, when a sharp increase in zombie activity was noticed worldwide. There was a 37% drop in the number of zombies sending spam in August 2008, but it jumped up to a 101% increase the following month.
Based on the latest estimates, Russia is the top country responsible in the region, followed closely by Turkey.
Outside the EMEA region, Brazil has also moved up the spam scale and owns the dubious honour of being the number one host of active zombie machines in that geography. Security experts believe that as countries such as Brazil, India and China (which have a burgeoning middle class) continue to invest heavily in internet and IT infrastructure, the location of active zombie machines will continue to change.
It’s not just zombies making news though – all anyone wants to talk about this month is the Downadup/Conficker worm.
It was expected to deliver its payload on 1st April – April Fool’s Day – and made security professionals, including those at the US homeland security, very apprehensive. Though nothing remotely catastrophic happened on that date, experts are warning that it’s still a very real threat.
IBM says that the worm controls 4% of all infected PCs, with as many as one out of every 25 internet addresses transmitting potentially dangerous data over the net being infected with a Conficker.c variant of the worm.
Taking advantage of the frenzy surrounding the April 1st trigger date, spammers sent out messages that offered the latest in antivirus security software to ‘protect’ users from the threat. Some were so well-designed that they used names and images of Norton Antivirus software, together with the name of a certain Symantec employee to add credibility.
After clicking on the link in the message, users were redirected to a website which offered directions on how to make a payment. Whether or not any product was made available after payments were made is still unknown at this point.
Even if the product promised was available, its effectiveness would be questionable because it’s most likely a rogue application or pirated software. Always be wary of accessing content through emails; instead go directly through the vendor or source’s website.
Spammers are known to use human curiosity to tempt recipients into opening a spam message and accessing links, but a little common sense can go a long way in protecting yourself online.