Sophos has announced a new alert service that clues admins in to zombie computers running on their networks.
“Zombie computers” are systems infected by malware that can, in turn, provide a malicious person with the ability to use them as spam gateways, members of distributed denial of service attacks, and other illicit activity. A recent high-profile example of zombies in action involve the Sober family of viruses, which turned PCs into conduits for nationalist hate spam.
Sophos says its service, ZombieAlert, advises service subscribers when a computer on their network is found to have sent spam to Sophos’ network of spam traps. The service also provides notification if an IP from within a customer’s network is listed in public Domain Name Server Blackhole Lists (DNSBL).
“Sophos is the first vendor we know of to offer an on-the-fly alert
service that advises organizations that they are being used to host zombies,”
said David Ferris of Ferris Research. “This service is unique and very timely.
I would anticipate that competitors would soon follow suit.”
Sophos said the service also has applications for Internet Service Providers (ISPs), who can use it to identify and alert consumers of a threat.