Zombie PCs are getting smarter and harder to track down, according to security software vendor Commtouch. This is a early hint of a world with more advanced artificial intelligence (AI). The AI could be used for good or bad and could themselves be good or bad.
New zombies now routinely request new IP addresses from their ISPs, so anti-spam software that works by blocking spam based the originating IP addresses can no longer effectively halt them, the company said in its most recent quarterly Internet Threats Trend Report.
While some ISPs deny their request to change IP address, others accede, giving them new IP addresses in real time, Amir Lev, chief technology officer at Commtouch (NASDAQ: CTCH), told InternetNews.com. The result is that zombies can change addresses much faster than most security services and software can respond, which means their users are not protected, Lev said.
The resurgence in botnets has seen spam levels go up, as well. While they averaged 72 percent of all e-mail traffic throughout the fourth quarter of 2008, they now total 85 percent of all e-mails. That 85 percent constitutes 150 billion spam messages daily, Lev said.
There is an estimated 300,000 zombie PCs.
Spam and botnet activity fell sharply late last year after major spam host McColo was shut down in November.
Weeks later, however, the spammers and botnet controllers surged back.
Another new tactic adopted by spammers involves more complicated attacks that help them more easily slip past defenses. They include combination attacks, like the one that breached online bill paying service CheckFree — and these are proving almost impossible to stop. The CheckFree attackers used a combination of phishing (define), pharming — redirecting traffic to a bogus Web site — and a “drive-by” malware injection that added botnet software to visitors’ PCs.
“We’re still seeing blended attacks and they have only one purpose — distributing more botnets,” Commtouch’s Lev said. “They mainly direct people to landing pages, where they’re infected.”
Another new tactic adopted by spammers increases the difficulty of detecting and stopping the malicious links they trick victims into clicking. Increasingly, spammers’ malicious links send Internet users to a traffic management system, which redirects each visitor to a different location every time — distributing the traffic load, making it more difficult to track the spammers and hiding the malicious activity from the system administrator.