Sophos Rolls Out Zombie Notification Service

by Michael Hall

A new service by Sophos will warn network admins when systems on their networks have been found to send spam, or wind up on a spam blacklist.

Sophos has announced a new alert service that clues admins in to zombie computers running on their networks.

"Zombie computers" are systems infected by malware that can, in turn, provide a malicious person with the ability to use them as spam gateways, members of distributed denial of service attacks, and other illicit activity. A recent high-profile example of zombies in action involve the Sober family of viruses, which turned PCs into conduits for nationalist hate spam.

Sophos says its service, ZombieAlert, advises service subscribers when a computer on their network is found to have sent spam to Sophos' network of spam traps. The service also provides notification if an IP from within a customer's network is listed in public Domain Name Server Blackhole Lists (DNSBL).

"Sophos is the first vendor we know of to offer an on-the-fly alert service that advises organizations that they are being used to host zombies," said David Ferris of Ferris Research. "This service is unique and very timely. I would anticipate that competitors would soon follow suit."

Sophos said the service also has applications for Internet Service Providers (ISPs), who can use it to identify and alert consumers of a threat.

This article was originally published on Thursday Jul 14th 2005