Slashdot Mirror


Europe Home to Majority of Zombies

Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."

11 of 357 comments

  1. isn't surprising by Anonymous Coward · · Score: 0, Interesting

    this isn't surprising. While we generally think of the internet as USA only, it does exist in other countries. Considering that the majority of hacker attacks come from overseas (or so it seems), this does not come as a surprise. Maybe this is why the EU hates MS?

  2. Unbelievable by SamMichaels · · Score: 4, Interesting

    This just goes to show that no one knows where spam and zombies reside. Everyone's "research" (obviously riddled with bias) says it's some place else.

  3. duh by SuperBanana · · Score: 4, Interesting

    I was working on the mail server today, and going through logs tracking a clamav/amavis problem.

    I started to notice that...one...after...another...the buggers were connecting. We're not even a very big site (just got a bunch of mailing lists). The DNS names were xxx-yyy-zzz-aaa.(something).(insert European country code).

    They outnumbered legitimate connections easily 5:1 or more, and the sessions all consisted of:

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    Every single one would try and send between 3 and 5 messages before finally realizing it wasn't going to work, and disconnecting. It's irritating, because we do actually run a couple of DNS blacklists, but it seems a lot of European systems aren't on them.

    When are we going to stop taking the "oh, we'll just filter it" attitude? Feels like all we've accomplished in half a decade is to do spammers' work for them and make users complacent by hiding all this shit from them. It's a classic white elephant problem if I ever saw it...
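
The log pattern described in the comment above, turned into a check. This is an added example, not part of the original thread: it counts Postfix `Helo command rejected` entries where the client announced the server's own domain, grouped by client IP and by the last label of the client's reverse-DNS name. The domain `lists.example.org`, the rejection text and all log lines are constructed assumptions.

```python
import re
from collections import Counter

# Matches Postfix smtpd "Helo command rejected" lines; captures client rDNS name, IP, HELO name.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: \w+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"\d{3} [\d.]+ <[^>]*>: Helo command rejected: .*helo=<(?P<helo>[^>]*)>"
)

def forged_helo_report(log_text, our_domain):
    """Count rejections where the client announced our own domain in HELO.

    Returns (per_ip, per_tld): rejections per client IP and per last label of
    the client's reverse-DNS name ("unknown" when Postfix found no rDNS).
    """
    per_ip, per_tld = Counter(), Counter()
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a HELO rejection (e.g. a DNSBL hit)
        helo = m["helo"].lower().rstrip(".")
        if helo != our_domain and not helo.endswith("." + our_domain):
            continue  # HELO was rejected for some other reason
        host = m["host"].lower()
        per_ip[m["ip"]] += 1
        per_tld[host.rsplit(".", 1)[-1] if "." in host else "unknown"] += 1
    return per_ip, per_tld

def repeat_offenders(per_ip, threshold=3):
    """IPs that retried at least `threshold` times (the post saw 3 to 5 per client)."""
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

# --- Constructed sample data (documentation addresses, hypothetical names) ---
def _line(host, ip, helo):
    return (f"Jun  1 10:02:11 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
            f"{host}[{ip}]: 554 5.7.1 <{helo}>: Helo command rejected: Access denied; "
            f"from=<a@example.net> to=<list@lists.example.org> proto=SMTP helo=<{helo}>")

DNSBL_LINE = ("Jun  1 10:05:40 mx postfix/smtpd[2101]: NOQUEUE: reject: RCPT from "
              "unknown[203.0.113.99]: 554 5.7.1 Service unavailable; Client host "
              "[203.0.113.99] blocked using dnsbl.example; from=<x@example.net> "
              "to=<list@lists.example.org> proto=SMTP helo=<mail.example.net>")

SAMPLE_LOG = "\n".join(
    [_line("host-192-0-2-10.dsl.example.de", "192.0.2.10", "lists.example.org")] * 3
    + [_line("a198-51-100-23.adsl.example.fr", "198.51.100.23", "LISTS.example.org")] * 4
    + [_line("unknown", "203.0.113.7", "lists.example.org"),
       _line("pc.example.com", "192.0.2.50", "localhost"), DNSBL_LINE]
)

if __name__ == "__main__":
    ips, tlds = forged_helo_report(SAMPLE_LOG, "lists.example.org")
    print(tlds.most_common(), repeat_offenders(ips))
```

The reverse-DNS name and the HELO string are both supplied by the remote side, so the per-country-code tally is a rough indicator only; the client IP is the field to act on.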

    1. Re:duh by v1 · · Score: 4, Interesting

      unfortunately, the spammers are not beneath attacking focal points of anti-spam activity. dnsrbl.com is down because it was hammered by a coordinated DDOS for an extended period of time, burning up their funds with bandwidth charges. The spammers may be cutthroat self-centered lowlifes, but they can recognize and coordinate against a threat very effectively when they have a few hundred thousand zombies each to do their bidding.

      --
      I work for the Department of Redundancy Department.
    2. Re:duh by zippthorne · · Score: 2, Interesting

      ahh.. seems like the perfect application of P2P.. or at least massive mirroring: make the postfix clients aware of each other (or a bunch of their nearest neighbors) and mirror the list. If one goes down, send the request to another one. Check all neighbors for updates and new neighbors every so often and merge the new data into the local list, deleting expired changes. New addresses could get pushed to the web by simply amending their own list, when their neighbors d/l it they will propagate the changes. It doesn't matter if everyone has the whole list at any point, as long as the lists propagating through are reasonably complete.

      --
      Can you be Even More Awesome?!
  4. Take some responsibility by dark+grep · · Score: 4, Interesting

    From the very start we (an ISP) have told our customers they are responsible for the proper use of their computers. If you own a car and drive it into a schoolyard and kill someone's child, it is not an acceptable defence to say "Shucks, I didn't know how to drive, not my fault".

    So too, if you own a computer and want to be part of a community of connected computers, not bothering to inform yourself of how to do that does not excuse your responsibility for whatever damage your computer causes.

    So what we do to spam zombies is:

    a) block them totally and stop them from causing any more damage

    b) send them an email telling them how much it cost to clean up their mess (usually around $500), and that we will bill them if they do it again

    c) only unblock them when they give us their assurance they understand what the future costs may be and will never allow it to happen again

    d) permanently disconnect them and bill them the full amount of sysadmin and helpdesk time and materials if they allow it to happen again.

    It's a really tough line, sure, we have lost maybe 3 customers as a result in 18 months (average spend per customer is $34 per month), out of 20,000. But it is far, far cheaper than the cost of just letting it happen unchecked.

    1. Re:Take some responsibility by mwvdlee · · Score: 3, Interesting

      So how are they supposed to know how to protect their systems?

      Truth is that most of us trained full-time IT professionals don't completely know how to keep our systems clean, so you can't expect a user to do so.

      It's more like a car causing an accident because somebody sabotaged the brakes. Not every driver is supposed to understand how their car works internally, let alone continuously check every technical detail of it, yet this is what you expect of average computer users.

      It's like a war between highly funded, heavily armed, well trained green-berets and ordinary civilians; you think it's a fair fight?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:Take some responsibility by mwvdlee · · Score: 2, Interesting

      Not even accessible to a full-time car thief?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  5. flawed study by Eugene · · Score: 3, Interesting

    from TFA:

    "Using a tool that can track zombie machines, CipherTrust found that 26 per cent of them were hosted in European countries, with most of them in Germany (six per cent), France (five per cent) and the UK (three per cent)."

    so now the article established that the *most* infected country is Germany, which is 6%. now the immediate next paragraph:

    "The company's ZombieMeter found that hackers were hijacking around 172,009 computers every day. Approximately 20 per cent of those machines were based in the United States, and 15 per cent were found in China. CipherTrust did not provide details of where the attackers resided."

    and the US accounts for TWENTY percent compared to Germany's SIX percent. Even China's FIFTEEN percent is higher. I don't mind it doing a country-by-country comparison, or even a continent-by-continent one. I wonder what the overall percentage is if you really compare it continent to continent. I wonder what the overall percentage of the Americas, Europe, and Asia is...

    but IMHO grouping Europe all together and comparing it against nations like the US and China is just wrong.

  6. not rocket science by macpeep · · Score: 4, Interesting

    EU has 460 million people. USA has 300 million people.

    Assuming the same level of spread of Internet access, the EU should have 1.5 times more zombies than the USA.

    The site mentioned in the article shows that in May, EU had 1320985 zombies and the USA had 964020. That means the EU has 1.37 times the zombies of the USA, despite having 1.5 times more people.

    In 2004, Internet usage rates were at 47% in EU and 52% in the USA.

    Conclusion: the zombie rates don't vary between USA and Europe. Population, on the other hand, does vary. Therefore, you can expect the EU to continue to have more zombies than the USA. Also, as China's and India's internet usage grows, they will probably pull ahead in the stats.

    Disclaimer: The numbers were pulled from various sites online using Google for searching. If someone has conflicting figures one way or the other, I wouldn't be surprised.

  7. Stupid ... Europe is not a country by rudy_wayne · · Score: 2, Interesting

    What kind of moron compares one country against a group of several countries? What kind of comparison is that? Look at the individual numbers:

    U.S. - 20%
    Germany - 6%
    France - 5%
    U.K. - 3%

    Only by lumping everyone together as "Europe" are they able to claim that the majority of zombies are not located in the U.S. Even though I live in the U.S., I find this article totally stupid.