Timing their effort to coincide with national Cyber Security Awareness Month and Halloween, the U.S. Federal Trade Commission (FTC), Consumer Action and Microsoft are urging consumers to protect themselves from the threat of zombies, computers that are infected with malicious code so they can be controlled remotely by other people for illegal purposes.

"The only way to slow the spread of zombies and other online threats is by going after them as resolutely and in as many ways as possible," says Tim Cranton, director of Microsoft's Internet Safety Enforcement programs.

Microsoft maintains more than 130,000 MSN Hotmail "trap" accounts to investigate patterns within spam. These accounts catch e-mail sent by spammers to potential e-mail addresses. But, as all spam investigators quickly learn, investigating spam after it's delivered is like tracing an unwanted letter with an illegible (or fake) return address. Most spammers protect their identities by sending mail through zombies or using other masquerading tricks, making it fruitless to trace spammers based on the name listed in the "From" line in the e-mail's header.

But Microsoft's zombie investigation gave the company new insight into how it, as a technology developer and e-mail provider, can fight spam and zombies, as well as how to fight the creators of zombies in court.
"By inserting ourselves in the spammers' path and looking upstream, we have been able to see things we have never been able to see before," Cranton says.

Specifically, Microsoft was able to uncover the IP addresses of the computers that were sending spamming requests to the quarantined zombie, along with the addresses of the Web sites advertised in the spam.
To prove these spamming requests were not isolated examples, Microsoft compared the Web sites advertised in the quarantined zombie's spam to those listed in spam in the MSN Hotmail trap accounts.

Cranton says the researchers found numerous identical matches, and were able to determine that approximately 13 distinct spamming operations either helped create or exploit the zombie code placed on the quarantined computer.

These spammers, who are currently unidentified, are named as "John Doe" defendants in the civil lawsuit Microsoft filed in state court in King County, Wash., on Aug. 17. Filing a "John Doe" lawsuit allows Microsoft to use legal discovery tools – such as third-party subpoenas – to help learn the defendants' true identities.