Microsoft announced on Thursday that it has filed a lawsuit against groups that use zombie computers. The software giant took the action after learning through a company experiment that use of infected PCs to thwart spam blockers and pass along immense quantities of junk email is more widespread and disruptive than the firm expected.

A Microsoft statement said that the civil suit, filed in August in Washington State's King County Superior Court, "for the first time specifically targets illegal email operations that connect to zombie computers to send spam".

Zombie computers are machines that have unwittingly acquired bad code, which allows computers in remote locations to use them to carry out illegal activities.

PCs go wild

In a controlled experiment, Microsoft turned a PC into a zombie by infecting it with malicious code. The company then monitored how much spam and spyware the computer sent. After three weeks, the number totaled 18 million email messages from five million different connections.

"The numbers were astonishing," says company attorney Tim Cranton, who directs Microsoft's Internet Safety Enforcement Team. "Much higher than we expected."

More than half of the spam currently being sent originates from zombies, according to Microsoft.

How Microsoft measured

Cranton says the software giant used cross-referencing methods with multiple mail servers to narrow the scope of the lawsuit to 13 groups of spammers. The company did this by comparing email messages sent to the infected computer with company-monitored Hotmail accounts designed to trap spam.

"In two to three months, we will amend the lawsuit to name the spammers who are taking advantage [of consumers]," says Cranton. He wouldn't go into detail about the groups being investigated, but notes that "a fair amount" of the spammers are based in the US.

"This is compelling information that will hopefully get people's attention," Cranton says. The lawsuit, filed as a John Doe suit because it doesn't name specific defendants, alleges six counts ranging from trespassing to a violation of the Can-Spam federal legislation, which requires clear identification of a message's purveyor and an opt-out clause to the recipient, among other things. Cranton says Microsoft plans to use the federal law as well as a Washington State anti-spam law to prosecute the spammers.

"We're talking about criminal behaviour here," Cranton says.

Microsoft has sued spammers before. In 2004 the company filed lawsuits against eight alleged spammers under the Can-Spam federal legislation.

Protection tips

At a news conference in Washington, Cranton, officials of Consumer Action and representatives of the Federal Trade Commission discussed the suit and ways for computer users to avoid zombie-generated spam.

Consumer Action's Linda Sherry encouraged PC users to take a variety of steps to inoculate their computers in the face of this threat, including:

  • Use a firewall. "And if you need to turn it off to access a website, make sure you turn it on again."
  • Get computer updates.
  • Use antivirus software.
  • Be wary of attachments.

The FTC announced the creation of a spam education site. "This is our attempt to have a one-stop shop for consumers to protect themselves," said Dan Salzburg, a representative of the FTC.

One company from the private sector uses creative filters, based on the volume of mail sent and the reputation of the sender, to separate wanted from unwanted correspondence.

Ironport Systems believes that through a combination of throttling (setting rate limits for sent messages to more easily target zombie PCs that send extremely high amounts of email in a short amount of time) and reputation filtering (applying different standards to email based on the message's sender) it can more efficiently separate the wheat from the chaff.

"On the 'receive' side, we can block 80 percent of the stuff at the connection level by examining behaviour of the mail server," says company spokesperson Tom Gillis. "The remaining 20 percent we're going to open up more carefully."
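The combination described above can be sketched as a per-sender sliding-window rate limit whose ceiling depends on the sender's reputation. This is an added example, not Ironport's code: the score scale, tier names, limits, window length and the documentation-range IP addresses are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 60  # assumed sliding-window length
# Assumed messages allowed per window for each reputation tier.
LIMITS = {"good": 600, "unknown": 60, "poor": 5}

def tier(score):
    """Map a reputation score on an assumed -10..10 scale to a tier."""
    if score >= 3:
        return "good"
    if score <= -3:
        return "poor"
    return "unknown"

class ConnectionFilter:
    def __init__(self, reputation):
        self.reputation = reputation      # ip -> score; missing means unknown
        self.recent = defaultdict(deque)  # ip -> timestamps of admitted messages

    def decide(self, ip, now):
        t = tier(self.reputation.get(ip, 0))
        q = self.recent[ip]
        while q and now - q[0] >= WINDOW_SECONDS:  # expire old entries
            q.popleft()
        if len(q) >= LIMITS[t]:
            return "throttle"  # deferred at connection level, body never read
        q.append(now)
        # Trusted senders pass; everyone else goes on to content scanning.
        return "accept" if t == "good" else "scan"

def replay(events, reputation):
    """Run (timestamp, ip) events through the filter and tally decisions."""
    f = ConnectionFilter(reputation)
    counts = defaultdict(lambda: defaultdict(int))
    for now, ip in events:
        counts[ip][f.decide(ip, now)] += 1
    return {ip: dict(c) for ip, c in counts.items()}

# Constructed sample: a zombie-like host with no reputation and a trusted
# relay each send 10 messages/second for 20 s; a known-bad host sends 1/second.
REPUTATION = {"198.51.100.10": 8, "192.0.2.66": -7}
EVENTS = sorted(
    [(i // 10, "203.0.113.7") for i in range(200)]
    + [(i // 10, "198.51.100.10") for i in range(200)]
    + [(i, "192.0.2.66") for i in range(10)]
)

if __name__ == "__main__":
    for ip, tally in replay(EVENTS, REPUTATION).items():
        print(ip, tally)
```

The same burst that a trusted relay is allowed to deliver gets the unknown host deferred after its first 60 messages, so volume alone separates the two without inspecting any message content.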

Gillis, who says that Ironport serves such top internet service providers as Roadrunner, Sprint and Verizon, admits that spam filtering is always ongoing.

"This is definitely a cat-and-mouse game," he says. "We develop an algorithm to block [spam], and [the spammers'] engineers come up with something to get around it."