Slashdot Mirror
Europe Home to Majority of Zombies
Rei writes "According to a recent CipherTrust study, the majority of Zombie PCs reside not in the US or China, but in Europe. Of the European zombies, 2/3 were either in Germany, France, or Britain. The results were released with the announcement of CipherTrust's new ZombieMeter. As a response to previous reports of high zombie activity, the London Action Plan launched Operation Spam Zombies in cooperation with numerous governments around the world."
... as to where the evil clerics are.
This has been obvious to me ever since Wolfenstein 3D almost 14 years ago.
This just goes to show that no one knows where spam and zombies reside. Everyone's "research" (obviously riddled with bias) says it's some place else.
Voud u like to touch my zombie?
Call in Shaun of the Dead!
Ed: Any zombies out there?
Shaun: Don't say that!
Ed: What?
Shaun: The "zed" word. Don't say it!
Ed: Well... are they any?
Shaun: I don't see any. Maybe it's not as bad as all that.
Shaun: Oh, no wait, there they are.
Sometimes I doubt your commitment to Sparkle Motion.
I expected something like this might happen some day, but I'm ready, thanks to this. Bring it on!
Top 10 includes the US at 28.5%. No EU country is in the top ten list. "during the first three weeks of May, approximately 26% of daily new zombies originated in the European Union, including 6%, 5% and 3% of new zombies originated in Germany, France and the United Kingdom, respectively." That's NEW zombies. The EU share of zombies is increasing, but it isn't the major source (yet).
550 : Recipient address rejected: cleric casts repel undead at spam zombie;
How do you know they weren't patched? Patching doesn't really help you when the user runs the executable attachment they got in their email, or installs something shiny they found on the web.
Back in the 1990s, Spam was a big problem. The problem was that a number of ISPs would ignore Spam complaints, or would even encourage spammers to be on their networks. Once enough ISPs refused to listen to complaints, Paul Vixie started the Realtime Blackhole List, which would allow people to find out if a given IP was blacklisted, and refused to receive email from a blacklisted IP.
I worked at Netcom when we ended up on the RBL. We did not have strong Spam protection; for example, our credit card verifier did not contact the credit card company before giving someone internet access. Even after being placed on the RBL, management was unwilling to expend the resources needed to stop our Spam problem; they thought the RBL would just go away. Meanwhile, the number of people calling or emailing technical support doubled because they could not send mail increased (I helped make some graphs showing the increase in emails to tech support to convince management that this was a real problem). It took months for management to wake up, smell the coffee, and make it harder for spammers to get throw-away accounts on Netcom's network.
(For NANOG regulars at the time: It was I who wrote the "Keman-bot")
A similiar list needs to be set up; if a given ISP has zombies and does not cut off said zombies from the internet, the ISP needs to be blacklisted RBL style. Maybe then management will do something about the zonbie problem--such as cutting of zombie machines from the internet (redirecting all HTTP queries to a "You're a zombie so we cut you off page" for example).
I was working on the mail server today, and going through logs tracking a clamav/amavis problem.
I started to notice that...one...after...another...the buggers were connecting. We're not even a very big site (just got a bunch of mailing lists). The DNS names were xxx-yyy-zzz-aaa.(something).(insert european country code).
They outnumbered legitimate connections easily 5:1 or more, and the sessions all consisted of:
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
client: "HELO, I'm in your domain! Here, have some email"
Postfix: "take a flying leap."
Every single one would try and send between 3 and 5 messages before finally realizing it wasn't going to work, and disconnecting. It's irritating, because we do actually run a couple of DNS blacklists, but it seems a lot of european systems aren't on them.
When are we going to stop taking the "oh, we'll just filter it" attitude? Feels like all we've accomplished in half a decade is to do spammer's work for them and make users complacent by hiding all this shit from them. It's a classic white elephant problem if I ever saw it...
Please help metamoderate.
Everybody knows '28 Days Later' started out as a warning about the dangers of spam.
So too, if you own a computer and want to be part of a community of connected computers, not bothering to inform yourself of how to do that does not excuse your responsibility for whatever damage your computer causes.
So what we do to spam zombies is:
a) block them totally and stop them from causing any more damage
b) send them an email telling them how much it cost to clean up their mess (usualy around $500), and that we will bill them if they do it again
c) only unblock them when they give us their assurance they understand what the future costs may be an will never allow it to happen again
d) permanently disconnect them and bill them the full amount of sysadmin and helpdesk time and materials of they allow it to happen again.
It's a really tough line, sure, we have lost maybe 3 customers as a result in 18 months (average spend per customer is $34 per month), out of 20,000. But it is far, far cheaper that the cost of just letting it happen unchecked.
Cole: I see dead people... ...They don't know they're dead
Crowe: In your dreams?
Cole shakes his head
Crowe: While you're awake?
Cole nods
Crowe: Dead people like in graves and coffins?
Cole:
Crowe: How often do you see them?
Cole: everytime I go to Europe, (pause) they're everywhere...
[sig]www.masterslate.org[/sig]
Man. If you could go back in time to 1980 and tell everyone that in 25 years, European governments would be spearheading an initiative called "Operation Spam Zombies", and that this name was not in any way meant to be humorous, the looks on peoples faces would be priceless.
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
EU has 460 million people. USA has 300 million people.
Assuming the same level of spread of Internet access, the EU should have 1.5 times more zombies than the USA.
The site mentioned in the article shows that in May, EU had 1320985 zombies and the USA had 964020. That means the EU has 1.37 times the zombies of the USA, despite having 1.5 times more people.
In 2004, Internet usage rates were at 47% in EU and 52% in the USA.
Conclusion: the zombie rates don't vary between USA and Europe. Population, on the other hand, does vary. Therefore, you can expect the EU to continue to have more zombies than the USA. Also, as China's and India's internet usage grows, they will probably pull ahead in the stats.
Disclaimer: The numbers were pulled from various sites online using Google for searching. If someone has conflicting figures one way or the other, I wouldn't be surprised.