Microsoft has filed a lawsuit against groups it claims use zombie computers to send spam.
A company experiment on how remote and infected PCs could be used to send enormous quantities of spam, persuaded the software giant to take action, it said.
The civil suit claims that it is the first to "specifically target illegal e-mail operations that connect to zombie computers to send spam."
Zombie computers, through the unwitting acquisition of bad code, allow computers in remote locations to use them to carry out illegal activities. In its experiment, Microsoft turned a PC into a zombie by infecting it with malicious code. The company then monitored how much spam and spyware the computer sent. After three weeks, 18 million e-mail messages had been sent from five million different connections.
"The numbers were astonishing," said Microsoft lawyer Tim Cranton, who directs the company's Internet Safety Enforcement Team. "Much higher than we expected." More than half of the spam currently being sent originates from zombies, according to Microsoft.
Microsoft used cross-referencing methods with multiple mail servers to narrow the scope of the lawsuit to 13 groups of spammers. "In two to three months, we will amend the lawsuit to name the spammers who are taking advantage," said Cranton. He won't go into details about the groups being investigated, but notes that "a fair amount" of the spammers are based in the United States.
"This is compelling information that will hopefully get people's attention," Cranton said. The lawsuit, filed as a John Doe suit because it doesn't name specific defendants, alleges six counts ranging from trespassing to a violation of the CAN-SPAM federal legislation, which requires clear identification of a message's purveyor and an opt-out clause to the recipient, among other things. Cranton says Microsoft plans to use the federal law as well as a Washington State anti-spam law to prosecute the spammers. "We're talking about criminal behaviour here," Cranton added.
Microsoft has sued spammers before. In 2004, the company filed lawsuits against eight alleged spammers under the CAN-SPAM federal legislation.