CipherTrust has updated its TrustedSource e-mail system to block spam from zombie machines.
According to the company, TrustedSource 3.0 can weed out traffic from PCs that have been taken over by malicious hackers. It works by analysing the data from more than 1,600 CipherTrust customers to create a more accurate "e-mail reputation" for inbound e-mail. If spam appears in different companies' inboxes from the same system, it may indicate that the system has been compromised.
The TrustedSource data is accumulated by the CipherTrust Message Profiler, a component of its IronMail appliances that examine e-mail messages. The resulting information is circulated back to the system.
The new dynamic reputation system will help spot traffic from "bad senders" such as zombie PCs and new threats without needing specific attack signatures, he said.
Currently TrustedSource has data on about 50 million IP addresses. Analysis of those addresses helped CipherTrust refine its approach to identifying spam, a spokesman said. "We noticed that the number of IP addresses we were monitoring had levelled off at around 50 million, and that around 30 percent of the e-mail we were seeing every day was from IP addresses we've never seen before."
Further analysis showed that around 95 percent of the mail from new IP addresses was malicious, usually from tens of thousands of new zombie machines that TrustedSource identifies each day. "We found that we could develop a probability of threat, even if we had never seen an IP address before by determining how persistent the IP address is at sending e-mail," Anthony said.
The frequency with which the source IP address sends mail is now one factor used in the TrustedSource service to assign each e-mail message a threat score, which determines whether the message is quarantined, blocked or delivered by the IronMail devices. Other factors are keywords in the message text, whether a spoofed sender address is used, and whether the message has a malicious attachment, he said.
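The scoring approach described above can be sketched as follows. This is an added example, not CipherTrust's code: the weights, thresholds, keyword list, decay formula and the way factors are combined are all assumptions, and only the 95 percent figure for never-seen IP addresses and the four factor names come from the article.

```python
from dataclasses import dataclass

# All weights and thresholds below are assumptions; the article publishes none.
NEW_IP_PRIOR = 0.95   # article: ~95% of mail from never-seen IPs was malicious
KEYWORD_W, SPOOF_W, ATTACH_W = 0.4, 0.6, 0.99
QUARANTINE_AT, BLOCK_AT = 0.5, 0.97
SPAM_KEYWORDS = ("lottery", "wire transfer", "cheap meds")  # constructed list

# Constructed reputation data: ip -> (days seen sending mail, customers reporting spam)
HISTORY = {"198.51.100.7": (400, 0), "203.0.113.9": (30, 5)}

@dataclass
class Message:
    source_ip: str
    body: str
    spoofed_sender: bool = False
    malicious_attachment: bool = False

def sender_risk(days_seen: int, customers_reporting: int) -> float:
    """Persistence-based risk: no history yields the new-IP prior, long history lowers it."""
    risk = NEW_IP_PRIOR / (1 + days_seen)
    if customers_reporting >= 2:   # same source spamming several customers
        risk = max(risk, 0.9)
    return risk

def threat_score(msg: Message, history: dict) -> float:
    days, reports = history.get(msg.source_ip, (0, 0))   # unseen IP -> no history
    factors = [sender_risk(days, reports)]
    if any(k in msg.body.lower() for k in SPAM_KEYWORDS):
        factors.append(KEYWORD_W)
    if msg.spoofed_sender:
        factors.append(SPOOF_W)
    if msg.malicious_attachment:
        factors.append(ATTACH_W)
    clean = 1.0
    for f in factors:              # treat factors as independent evidence
        clean *= 1.0 - f
    return 1.0 - clean

def disposition(score: float) -> str:
    if score >= BLOCK_AT:
        return "block"
    return "quarantine" if score >= QUARANTINE_AT else "deliver"
```

With these assumed values, mail from a never-seen address is quarantined on sender history alone and blocked once a second factor, such as a spoofed sender, is also present.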
TrustedSource is available as a free update for CipherTrust customers who have purchased maintenance and support.