Israeli firm looks to kill zombies
Commtouch to tackle botnets.
By Brad Reed, Network World | Published: 09:18, 18 December 2007
Israeli security firm Commtouch has launched a product aimed at tackling zombie computers.
Herson, who said that her company analyses "about a billion messages a day," explained that the GlobalView Mail Reputation Service looks for IP addresses where particularly large amounts of mail have been sent out and identifies whether or not they're being used to send out spam. If a certain IP address is identified as the home of a spamming computer, then the system uses a technique known as throttling that places a cap on how many messages can be received from that address within the system. This way, someone who is unwittingly using a zombie computer for legitimate purposes may still send out a limited number of messages and not be blocked by the system.
"Our tracking process is a real-time process," says Herson. "Commtouch is constantly gathering information and analysing it. We've found that typically within 15 minutes we can identify most of the IP addresses involved in a spam or malware outbreak."
Zombie networks have become the weapon of choice for spammers in recent years, and Commtouch estimates that 85 percent of spam worldwide is sent from infected botnet computers. A recent survey of ISPs conducted by Arbor Networks found that botnets, which are networks of bots that are used to carry out distributed DoS attacks and usually reside within unwitting zombie computers, are seen as the most significant threat by ISPs. In addition to sending spam, botnets can be used to deploy powerful large-scale distributed DoS attacks that can reach rates of over 20Gbit/s.
"The tremendous increase in the volume of spam and e-mail-borne threats over the past 12 months has made it necessary to find new methods for intercepting unwanted mail at the network entrance," said Michael Osterman, principal of Osterman Research, who added that Commtouch's new service provided "effective real-time ranking for every sender trying to send email to an organisation, significantly reducing the mass of mail that would otherwise come into the network."
Commtouch said that implementing its service would not only provide increased email security but also reduce IT expenditures by lowering the amount of bandwidth spent on receiving spam.