FTC, Partners Launch Campaign Against Spam Zombies

The Federal Trade Commission and 35 government partners from more than 20 countries have targeted the technology trick used by illegal spammers to tap into consumers’ home computers and use them to send millions of pieces of illegal spam. Spammers use hidden software that allows them to hijack consumers’ home computers and route spam through them. By routing their emails through “zombie” computers, the spammers are able to hide the true origin of the spam from consumers and make it more difficult for law enforcement to find them. Consumers often do not discover that they, themselves, have been sending spam.

The FTC and its partners today announced “Operation Spam Zombies,” an international campaign to educate Internet Service Providers and other Internet connectivity providers about hijacked, or “zombie” computers that spammers use to flood in-boxes here and abroad. Twenty members of the London Action Plan, an international network combating spam, and 16 additional government agencies who will participate in Operation Spam Zombies will send letters to more than 3,000 ISPs around the world, urging them to employ protective measures to prevent their customers’ computers from being hijacked by spammers. The measures include:

• blocking a common Internet port used for e-mail when possible;
• applying rate-limiting controls for e-mail relays;
• identifying computers that are sending atypical amounts of e-mail and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed;
• providing plain-language information for customers on how to keep their home computers secure; and
• providing or pointing their customers to easy-to-use tools to remove zombie code if their computers become infected.

The next phase of the operation will be to identify likely spam zombies around the world as well as the providers that operate the networks that are hosting them. The partners will then notify these providers of the problem and urge them to implement corrective measures.

“Computers around the globe have been hijacked to send unwanted e-mail,” said Lydia Parnes, Director of the FTC’s Bureau of Consumer Protection. “With our international partners, we’re urging Internet Service Providers worldwide to step up their efforts to protect computer users from costly, annoying, and intrusive spam ‘zombies.’”

The FTC has created a Web page, www.ftc.gov/bcp/conline/edcams/spam/zombie/index.htm, for this project. It includes a summary of the project, the letter that the FTC and its partners are sending to ISPs, and a list of participating agencies from around the world. The partners also will post translations of the ISP letter on this Web site and post other updates concerning this project.

The FTC, Department of Commerce, Department of Homeland Security and 33 agencies from Albania, Argentina, Australia, Belgium, Bulgaria, Canada, Colombia, Cyprus, Denmark, Germany, Greece, Ireland, Japan, Korea, Lithuania, Malaysia, Netherlands, Norway, Panama, Peru, Poland, Spain, Switzerland, Taiwan, and the United Kingdom have joined in this project.

This year’s campaign follows two similar campaigns targeting other spam anonymizing techniques: “Operation Secure Your Server” (2004) and a campaign against “open relays” (2003).

The FTC works for the consumer to prevent fraudulent, deceptive, and unfair business practices in the marketplace and to provide information to help consumers spot, stop, and avoid them. To file a complaint in English or Spanish (bilingual counselors are available to take complaints), or to get free information on any of 150 consumer topics, call toll-free, 1-877-FTC-HELP (1-877-382-4357), or use the complaint form at http://www.ftc.gov. The FTC enters Internet, telemarketing, identity theft, and other fraud-related complaints into Consumer Sentinel, a secure, online database available to hundreds of civil and criminal law enforcement agencies in the U.S. and abroad.