A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

October 27, 2005

Microsoft's decoy zombie

Microsoft said it has filed "John Doe" lawsuits against the operators of 13 spam organizations that use illegal "zombie" computers to send their spam. The company held a press conference today with officials from the Federal Trade Commission to announce the lawsuits, filed in Washington State's King County court on August 17.

Microsoft tracked down the spam operations by intentionally infecting a PC with some malicious code known to turn unprotected computers into zombies. (Tim Cranton, director of Microsoft’s Internet Safety Enforcement programs, explained the process (mp3 audio) at the news conference in Washington, D.C. today.)

The company said that within 20 days, the PC received more than 5 million connections that resulted in requests to send 18 million spam e-mails. These requests contained advertisements for more than 13,000 unique domains. (Microsoft said it "cordoned off" its zombie to prevent it from actually sending out any spams.)

"Honey pot" or "spam trap" email accounts are often created by ISPs and law enforcement to keep tabs on spam operations. But Microsoft's decoy zombie will give it a new perspective on spammers.

Armed with the information gained from this zombie, Microsoft is going to use subpoenas and other discovery tools to find out who's behind the IP addresses used to send spamming requests to the quarantined zombie, along with the identities of the operators of the Web sites advertised in the spam.

If I'm reading the King County court docket correctly, one of those subpoenas has already gone out to cable-Internet provider Adelphia Communications.

Microsoft said it hopes to amend the lawsuits in the coming months to name the actual spammers who used its decoy zombie.

Posted by brian at October 27, 2005 10:34 AM


Unfortunate that they infected their own PC though. I think it would have been a more powerful legal argument had they left the PC unprotected and let it become infected on its own, or through normal use.

Posted by: Joshua at October 31, 2005 10:42 AM

Joshua, I also wondered about the legal repercussions of Microsoft's strategy. But it certainly looks like a very proactive way to gather information on botnets and spammers who use them. :)

Posted by: Brian at October 31, 2005 7:53 PM

