The Federal Trade Commission is urging ISPs to take a tougher stance on compromised computers known as “spam zombies,” including cutting off Internet access for the machines, which experts believe are responsible for sending out huge volumes of unsolicited e-mail messages.
The FTC joined with government agencies from 20 countries announcing Operation Spam Zombies in an effort to alert ISPs about the problem. ISPs should consider several options to stem the zombie problem, including better user education, anti-virus protection and even denying Internet access for problem machines, FTC officials said.
The FTC action is just the latest foray by the U.S. governments trade and consumer protection agency into the spam problem. The statement on spam zombies is similar in structure and intent to Operation Secure Your Server, a 2004 initiative by the FTC and agencies in 26 countries that urged ISPs to crack down on so-called open relays that spammers use to forward e-mail, said Don Blumenthal, Internet lab coordinator at the FTC in Washington. “Its an international effort, again, to alert ISPs and remind them about the problem of spam zombies.”
The FTC suggested business and network practices ISPs can use to eliminate spam zombies and steps to prevent computers from being turned into zombies in the first place.
The agency will also commission audits of zombie behavior by ICG Inc., of Princeton, N.J., an enterprise threat management company that has expertise in researching the source of spam and has worked with ISPs, Blumenthal said. Those audits will begin in July, he added.
The FTC will not stipulate best practices or demand that ISPs cut off zombie machines, although it will suggest that ISPs deny access to spam zombies where appropriate, Blumenthal said.
Recent FTC anti-spam actions
- April 2004 FTC adopts rule requiring sexually explicit spam to be labeled as such in the subject line; FTC files complaints against two spam operations, the first criminal prosecutions under the federal CAN-SPAM Act
- September 2004 FTC and the National Institute of Standards and Technology host e-mail authentication summit to stop spam
- January 2005 FTC charges corporations and individuals for violation of CAN-SPAM labeling provision for sexually explicit e-mail
- May 2005 FTC announces Operation Spam Zombies to remove zombies from Internet