Slashdot Mirror


Europe Home to Majority of Zombies

Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."


  1. This might give us a hint ... by Raindance · · Score: 5, Funny

    ... as to where the evil clerics are.

    1. Re:This might give us a hint ... by Anonymous Coward · · Score: 2, Informative

      This might be useful for those in Europe: How to Survive a Zombie Attack.

  2. This is so obvious. by Seumas · · Score: 5, Funny

    This has been obvious to me ever since Wolfenstein 3D almost 14 years ago.

    1. Re:This is so obvious. by alex_guy_CA · · Score: 2, Funny
      Good god, I saw the title of the article, and I thought they meant, you know, zombies.

      Never have I been happier to learn that they were talking about evil spam-spewing Windows machines.

    2. Re:This is so obvious. by wft_rtfa · · Score: 2, Insightful
      This has been obvious to me ever since Wolfenstein 3D almost 14 years ago.

      Yes, and Shaun of the Dead last year made it even more clear.

      --
      :-] :0 :-> :-| :->
    3. Re:This is so obvious. by fanblade · · Score: 3, Funny

      Hehe, I would agree except the article clearly states "zombie PCs."

      I wonder where all the zombie NPCs live?

  3. Unbelievable by SamMichaels · · Score: 4, Interesting

    This just goes to show that no one knows where spam and zombies reside. Everyone's "research" (obviously riddled with bias) says it's some place else.

  4. Velcome to Shproket by jrivar59 · · Score: 4, Funny

    Voud u like to touch my zombie?

  5. Solution... by da3dAlus · · Score: 4, Funny

    Call in Shaun of the Dead!

    Ed: Any zombies out there?
    Shaun: Don't say that!
    Ed: What?
    Shaun: The "zed" word. Don't say it!
    Ed: Well... are they any?
    Shaun: I don't see any. Maybe it's not as bad as all that.
    Shaun: Oh, no wait, there they are.

    --

    Sometimes I doubt your commitment to Sparkle Motion.
    1. Re:Solution... by rjshields · · Score: 2, Funny
      as an aussie, ... with two scotsmen and a dutchman
      I read that and thought you were starting a bar joke.
      --
      In this world nothing is certain but death, taxes and flawed car analogies.
  6. Thank God by Chemical · · Score: 5, Informative

    I expected something like this might happen some day, but I'm ready, thanks to this. Bring it on!

  7. That isn't what the Zombie Meter says... by colinemckay · · Score: 5, Informative

    Top 10 includes the US at 28.5%. No EU country is in the top ten list. "during the first three weeks of May, approximately 26% of daily new zombies originated in the European Union, including 6%, 5% and 3% of new zombies originated in Germany, France and the United Kingdom, respectively." That's NEW zombies. The EU share of zombies is increasing, but it isn't the major source (yet).

    1. Re:That isn't what the Zombie Meter says... by DigiShaman · · Score: 3, Funny

      *gasp*. Ohhh noooosss!!! Europe may have to face up to a dirty little secret filled with horrors. That is, Europe has its fair share of stupid people too. Bwahahahaa.

      I fart in your general direction.

      --
      Life is not for the lazy.
    2. Re:That isn't what the Zombie Meter says... by alexhs · · Score: 2, Insightful

      That is, Europe has its fair share of stupid people too.

      I thought that the cause of all those zombies rather was a stupid OS from some Redmond company...

      --
      I have discovered a truly marvelous proof of killer sig, which this margin is too narrow to contain.
  8. The Remedy by SparksMcGee · · Score: 2, Funny

    Whether hacked computers and their clueless users or hideous undead out for brains, nothing beats the tried and true shotgun.

  9. Re:isn't surprising by astromog · · Score: 2, Insightful

    Really? We have internet here in The Rest of the World? Thanks for noticing!

  10. Time for new SMTP error messages by TheNarrator · · Score: 4, Funny

    550 : Recipient address rejected: cleric casts repel undead at spam zombie;

  11. Re:Why is this so? by LurkerXXX · · Score: 5, Insightful

    How do you know they weren't patched? Patching doesn't really help you when the user runs the executable attachment they got in their email, or installs something shiny they found on the web.

  12. I'm surprised there isn't a RBL for zombies yet by Anonymous Coward · · Score: 5, Insightful

    Back in the 1990s, Spam was a big problem. The problem was that a number of ISPs would ignore Spam complaints, or would even encourage spammers to be on their networks. Once enough ISPs refused to listen to complaints, Paul Vixie started the Realtime Blackhole List, which would allow people to find out if a given IP was blacklisted, and refused to receive email from a blacklisted IP.

    I worked at Netcom when we ended up on the RBL. We did not have strong Spam protection; for example, our credit card verifier did not contact the credit card company before giving someone internet access. Even after being placed on the RBL, management was unwilling to expend the resources needed to stop our Spam problem; they thought the RBL would just go away. Meanwhile, the number of people calling or emailing technical support because they could not send mail doubled (I helped make some graphs showing the increase in emails to tech support to convince management that this was a real problem). It took months for management to wake up, smell the coffee, and make it harder for spammers to get throw-away accounts on Netcom's network.

    (For NANOG regulars at the time: It was I who wrote the "Keman-bot")

    A similar list needs to be set up; if a given ISP has zombies and does not cut off said zombies from the internet, the ISP needs to be blacklisted RBL style. Maybe then management will do something about the zombie problem--such as cutting off zombie machines from the internet (redirecting all HTTP queries to a "You're a zombie so we cut you off" page, for example).

    1. Re:I'm surprised there isn't a RBL for zombies yet by destuxor · · Score: 3, Informative

      At the ISP where I work we've got an approach something like this. We've got scripts running that analyze network usage, watch for port scanning, and regulate email.
      - Network usage is the easiest to monitor since it's little more than a script pointing out that a host is attacking other machines over port 445 or connected to port 6667. Just being on IRC or sharing your printer won't set off the scripts since they not only monitor raw traffic but also watch how quickly new connections are being made and such. I should mention that we allow anyone to run anything on this network with no maximum bandwidth usage, provided it's all legal (so an open Gnutella port means nothing, lots of traffic over DC++ is fine, downloading tens of Gigabytes over BitTorrent is fine - we don't care until the copyright violation letters roll in).
      - Back on topic, our firewalls monitor evidence of port scanning. This is something you'd better not get caught doing since they're so destructive to the network (i.e. something like a network-aware electron microscope or CAT scanner will often crash if you send fragmented SYN packets at it, so don't).
      - And best of all we not only implement PureMessage and antivirus filters on our IMAP and POP3 servers, we have two SMTP servers (one for residents, one for everything else) and all outgoing SMTP must go through those (and IIRC you must authenticate to the SMTP server as well). We realised we had no choice but to implement a very strict system like this when AOL blocked @ncsu.edu!
      When we detect a machine that's been compromised it gets blocked automatically. It's nice that in the case of a resident getting blocked we send emails to both that student and their roommate as we (currently) have no way of knowing whose machine we've blocked. If they need help we've got great support.
      Why don't all ISPs have strict policies like this? AOL was shown in an earlier article to be home to more compromised hosts than any other. Maybe they should start blocking MACs of known compromised hosts and better integrate antivirus software into the Win32 software. Best yet would be to automate a phone call to the household that has been blocked as soon as it happens to alert the customer that and why they've been temporarily blocked.
      How hard could it really be to include Stinger on those AOL CDs? :)
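
An added example, not destuxor's or the ISP's own scripts: a minimal version of the connection-rate check described in the comment above, which flags a host when it opens new connections to many distinct destinations on a watched port within a short window. The window, the threshold and the flow-record layout are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict, deque

WATCHED_PORTS = {445, 6667}  # the two ports named in the comment
WINDOW_SECONDS = 60          # assumed sliding window
MAX_DISTINCT_DESTS = 20      # assumed threshold per window


def find_fast_connectors(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DESTS):
    """flows: (timestamp, src_ip, dst_ip, dst_port) for each NEW connection,
    sorted by timestamp. Returns {src_ip: timestamp it first crossed the limit}.

    A single long-lived IRC session or repeated use of one file/print server
    never trips the check: only the number of distinct destinations contacted
    inside the window counts, not the traffic volume.
    """
    recent = defaultdict(deque)  # src_ip -> deque of (timestamp, dst_ip)
    flagged = {}
    for ts, src, dst, port in flows:
        if port not in WATCHED_PORTS:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        # Drop connections that have aged out of the window.
        while ts - queue[0][0] > window:
            queue.popleft()
        if src not in flagged and len({d for _, d in queue}) > limit:
            flagged[src] = ts
    return flagged


# Constructed sample flows (documentation/private address ranges):
#   10.0.0.5  sweeps 30 different hosts on 445 in 30 seconds (worm-like)
#   10.0.0.6  talks to one print server on 445 over and over
#   10.0.0.7  opens one IRC connection
SAMPLE_FLOWS = sorted(
    [(t, "10.0.0.5", f"198.51.100.{t + 1}", 445) for t in range(30)]
    + [(t, "10.0.0.6", "10.0.0.200", 445) for t in range(0, 30, 2)]
    + [(5, "10.0.0.7", "203.0.113.9", 6667)]
)

if __name__ == "__main__":
    for host, when in find_fast_connectors(SAMPLE_FLOWS).items():
        print(f"block candidate {host}: limit crossed at t={when}s")
```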

    2. Re:I'm surprised there isn't a RBL for zombies yet by Underholdning · · Score: 2, Informative

      I'm surprised there isn't a RBL for zombies yet
      There is.

  13. Re:Zombies...? by mooingyak · · Score: 3, Funny

    Fascinating. But what is a "worm" or a "virus"? Did the article define those too?

    --
    William of Ockham had no beard. The most likely explanation is that it was chewed off by squirrels every morning.
  14. duh by SuperBanana · · Score: 4, Interesting

    I was working on the mail server today, and going through logs tracking a clamav/amavis problem.

    I started to notice that...one...after...another...the buggers were connecting. We're not even a very big site (just got a bunch of mailing lists). The DNS names were xxx-yyy-zzz-aaa.(something).(insert european country code).

    They outnumbered legitimate connections easily 5:1 or more, and the sessions all consisted of:

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    client: "HELO, I'm in your domain! Here, have some email"
    Postfix: "take a flying leap."

    Every single one would try and send between 3 and 5 messages before finally realizing it wasn't going to work, and disconnecting. It's irritating, because we do actually run a couple of DNS blacklists, but it seems a lot of european systems aren't on them.

    When are we going to stop taking the "oh, we'll just filter it" attitude? Feels like all we've accomplished in half a decade is to do spammer's work for them and make users complacent by hiding all this shit from them. It's a classic white elephant problem if I ever saw it...

    1. Re:duh by DigitalRaptor · · Score: 5, Insightful

      What we need is for Postfix to have a built in ability to report IP addresses to which it responds "take a flying leap", once per day, and for the top 1,000 of those IP addresses to be included in a report.

      As a safety measure, the IP address has to be reported by X number or percent of the participating Postfix hosts to be considered valid.

      Any IP address is added for a short period of time, say 72 hours, so if it's a machine that is hacked and quickly fixed the IP isn't blacklisted forever.

      It seems like a distributed, real-time system like this would be effective.

      --
      Lose Weight and Feel Great with Isagenix
    2. Re:duh by v1 · · Score: 4, Interesting

      unfortunately, the spammers are not beneath attacking focal points of anti-spam activity. dnsrbl.com is down because it was hammered by a coordinated DDoS for an extended period of time, burning up their funds with bandwidth charges. The spammers may be cutthroat self-centered lowlifes, but they can recognize and coordinate against a threat very effectively when they have a few hundred thousand zombies each to do their bidding.

      --
      I work for the Department of Redundancy Department.
    3. Re:duh by zippthorne · · Score: 2, Interesting

      ahh.. seems like the perfect application of P2P.. or at least massive mirroring: make the postfix clients aware of each other (or a bunch of their nearest neighbors) and mirror the list. If one goes down, send the request to another one. Check all neighbors for updates and new neighbors every so often and merge the new data into the local list, deleting expired changes. New addresses could get pushed to the web by simply amending their own list; when their neighbors d/l it they will propagate the changes. It doesn't matter if everyone has the whole list at any point, as long as the lists propagating through are reasonably complete.

      --
      Can you be Even More Awesome?!
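
An added example, not code from Postfix or from either commenter: a sketch of the shared list proposed in the two comments above, combining DigitalRaptor's per-host daily top-1,000 report, multi-host quorum and 72-hour expiry with zippthorne's merge of a neighbour's list that deletes expired entries. The report format, the keep-the-later-expiry rule and all function names are assumptions, and the log lines are constructed and abbreviated.

```python
import re
from collections import Counter

TTL_SECONDS = 72 * 3600  # listing lifetime suggested in the comment
TOP_N = 1000             # per-host daily report size suggested in the comment

# Client IP in a Postfix smtpd reject line: "reject: RCPT from name[ip]:"
REJECT_RE = re.compile(r"reject: \w+ from [^\[\s]+\[([0-9a-fA-F.:]+)\]")


def daily_report(log_lines, top_n=TOP_N):
    """One host's report: its top_n most-rejected client IPs -> reject count."""
    counts = Counter(m.group(1) for line in log_lines
                     if (m := REJECT_RE.search(line)))
    return dict(counts.most_common(top_n))


def build_blocklist(reports, now, quorum, ttl=TTL_SECONDS):
    """List an IP only if at least `quorum` distinct hosts reported it, so a
    single mistaken or malicious reporter cannot get an address listed.
    reports: {host_name: {ip: count}}; returns {ip: expiry_timestamp}."""
    seen_by = Counter(ip for report in reports.values() for ip in report)
    return {ip: now + ttl for ip, hosts in seen_by.items() if hosts >= quorum}


def merge(local, neighbour, now):
    """Merge a neighbour's list into ours, keeping the later expiry per IP
    (an assumption) and deleting entries that have already expired."""
    merged = dict(local)
    for ip, expiry in neighbour.items():
        merged[ip] = max(expiry, merged.get(ip, 0))
    return {ip: expiry for ip, expiry in merged.items() if expiry > now}


def sample_line(client, ip):
    """Constructed, abbreviated Postfix smtpd reject line (not real log data)."""
    return ("Jun  1 10:00:01 mx postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"{client}[{ip}]: 554 5.7.1 Relay access denied")


# Constructed logs from three hypothetical participating mail hosts.
SAMPLE_LOGS = {
    "mx-a": [sample_line("unknown", "203.0.113.7")] * 3
            + [sample_line("host-20.example.de", "198.51.100.20")],
    "mx-b": [sample_line("unknown", "203.0.113.7")],
    "mx-c": [sample_line("unknown", "203.0.113.7")] * 2
            + [sample_line("unknown", "192.0.2.99")],
}

if __name__ == "__main__":
    reports = {host: daily_report(lines) for host, lines in SAMPLE_LOGS.items()}
    print(build_blocklist(reports, now=0, quorum=2))
```
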
  15. Europe Home to Majority of Zombies by Dancin_Santa · · Score: 2, Funny

    Europe Home to Majority of Zombies

    Which explains the smell.

  16. Pfft, old news by Y-Crate · · Score: 5, Funny

    Everybody knows '28 Days Later' started out as a warning about the dangers of spam.

  17. Take some responsibility by dark+grep · · Score: 4, Interesting
    From the very start we (an ISP) have told our customers they are responsible for the proper use of their computers. If you own a car and drive it into a schoolyard and kill someone's child, it is not an acceptable defence to say "Shucks, I didn't know how to drive, not my fault".

    So too, if you own a computer and want to be part of a community of connected computers, not bothering to inform yourself of how to do that does not excuse your responsibility for whatever damage your computer causes.

    So what we do to spam zombies is:

    a) block them totally and stop them from causing any more damage

    b) send them an email telling them how much it cost to clean up their mess (usually around $500), and that we will bill them if they do it again

    c) only unblock them when they give us their assurance they understand what the future costs may be and will never allow it to happen again

    d) permanently disconnect them and bill them the full amount of sysadmin and helpdesk time and materials if they allow it to happen again.

    It's a really tough line, sure, we have lost maybe 3 customers as a result in 18 months (average spend per customer is $34 per month), out of 20,000. But it is far, far cheaper than the cost of just letting it happen unchecked.

    1. Re:Take some responsibility by mwvdlee · · Score: 3, Interesting

      So how are they supposed to know how to protect their systems?

      Truth is that most of us trained full-time IT professionals don't completely know how to keep our systems clean, so you can't expect a user to do so.

      It's more like a car causing an accident because somebody sabotaged the brakes. Not every driver is supposed to understand how their car works internally, let alone continuously check every technical detail of it, yet this is what you expect of average computer users.

      It's like a war between highly funded, heavily armed, well trained green-berets and ordinary civilians; you think it's a fair fight?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    2. Re:Take some responsibility by mwvdlee · · Score: 2, Interesting

      Not even accessible to a full-time carthief?

      --
      Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
  18. the 6th sense by MasterSLATE · · Score: 4, Funny

    Cole: I see dead people...
    Crowe: In your dreams?
    Cole shakes his head
    Crowe: While you're awake?
    Cole nods
    Crowe: Dead people like in graves and coffins?
    Cole: ...They don't know they're dead
    Crowe: How often do you see them?
    Cole: every time I go to Europe, (pause) they're everywhere...

    --

    [sig]www.masterslate.org[/sig]
  19. Hooray for the Internet by mcc · · Score: 5, Funny

    Man. If you could go back in time to 1980 and tell everyone that in 25 years, European governments would be spearheading an initiative called "Operation Spam Zombies", and that this name was not in any way meant to be humorous, the looks on people's faces would be priceless.

  20. Re:Witches... in England! by Anonymous Coward · · Score: 3, Funny

    It's true. One of them turned me into a newt!

  21. zergs by Lord+Omlette · · Score: 2, Funny

    Guns are outlawed in most of Europe, right? How will they defend themselves?

    --
    [o]_O
    1. Re:zergs by bursch-X · · Score: 2, Funny

      Europe has the most deadly strike force on earth:

      British hooligans.

      Just tell them the zombies are from the 'other' team and the matter is sealed.

      --
      There are two rules for success:
      1. Never tell everything you know.
  22. flawed study by Eugene · · Score: 3, Interesting

    from TFA:

    "Using a tool that can track zombie machines, CipherTrust found that 26 per cent of them were hosted in European countries, with most of them in Germany (six per cent), France (five per cent) and the UK (three per cent)."

    so now the article established that the *most* infected country is Germany, which is 6%. now the immediate next paragraph:

    "The company's ZombieMeter found that hackers were hijacking around 172,009 computers every day. Approximately 20 per cent of those machines were based in the United States, and 15 per cent were found in China. CipherTrust did not provide details of where the attackers resided."

    and US accounts for TWENTY percent compared to Germany's SIX percent. Even China's FIFTEEN percent is higher. I don't mind it doing a country by country comparison, or even a continent by continent. I wonder what's the overall percentage if you really compare it continent to continent. I wonder what the overall percentage of Americas, Europe, and Asia is...

    but IMHO grouping Europe all together and compare it against nations like US and China is just wrong.

  23. Re:Witches... in England! by Anonymous Coward · · Score: 2, Funny

    ... ...

    I got better...

  24. I for one ... by JaF893 · · Score: 2, Funny

    I for one welcome our new Zombie overlords.

  25. Re:Understand now? by gmuslera · · Score: 2, Funny

    Nah, do the real change, Replace the MS for an X in MS Windows and most of your actual problems will disappea... well, may come others, of course, instead of being zombie you could become r00ted, 0wned or h4x0red and pass a lot of time trying to understand what those strange words with numbers mean.

  26. Proportions of Zombies by Archibald+Buttle · · Score: 2, Informative

    As ever there are lies, damn lies and statistics.

    China has a population of about 1.3 billion. The USA has a population of about 295 million. South Korea has a population of approximately 48 million, less than a fifth that of the US, and under 1/20th that of China, yet it has about half the number of zombies of the US.

    Proportionally South Korea is by far the worst offender on the list.

    How difficult is it to keep your OS up to date and run virus scanners?

    The "May Top 10" chart on CipherTrust's web site of course features the "European Union", yet on the same list we see Germany, France, UK and Spain, all member states of the EU.

  27. not rocket science by macpeep · · Score: 4, Interesting

    EU has 460 million people. USA has 300 million people.

    Assuming the same level of spread of Internet access, the EU should have 1.5 times more zombies than the USA.

    The site mentioned in the article shows that in May, EU had 1320985 zombies and the USA had 964020. That means the EU has 1.37 times the zombies of the USA, despite having 1.5 times more people.

    In 2004, Internet usage rates were at 47% in EU and 52% in the USA.

    Conclusion: the zombie rates don't vary between USA and Europe. Population, on the other hand, does vary. Therefore, you can expect the EU to continue to have more zombies than the USA. Also, as China's and India's internet usage grows, they will probably pull ahead in the stats.

    Disclaimer: The numbers were pulled from various sites online using Google for searching. If someone has conflicting figures one way or the other, I wouldn't be surprised.

  28. Re:isn't surprising by Wieland · · Score: 2, Informative

    [rant]If you "generally consider the internet as USA only", that probably says a whole lot more about you than it does about the internet. Are you aware you wouldn't even be reading /. if it weren't for the Swiss CERN, creating the WWW? Do you know that broadband penetration is as high (if not higher) in many EU countries as it is in the US? Don't you think it's about time for many Americans to drop the conceited attitude, and to look around and notice they're not alone on the planet?[/rant]

    That being said, according to TFA, The origin of the zombie machines may change on a daily basis as machines can be infected anywhere in the world. CipherTrust has found that during April and May, the largest percent of zombie originations have alternated between China and the United States. In addition, during the first three weeks of May, approximately 26% of daily new zombies originated in the European Union, so let's not jump to any conclusions about Europe's supposed backwardness here. The figures may very likely show an entirely different picture again tomorrow, as they apparently did just a few weeks ago.

  29. Stupid ... Europe is not a country by rudy_wayne · · Score: 2, Interesting

    What kind of moron compares one country against a group of several countries? What kind of comparison is that? Look at the individual numbers:

    U.S. - 20%
    Germany - 6%
    France - 5%
    U.K. - 3%

    Only by lumping everyone together as "Europe" are they able to claim that the majority of zombies are not located in the U.S. Even though I live in the U.S., I find this article totally stupid.