Zombie Detection and Prevention
The Anti-Spam & Email Security Platform
SonicWall Email Security solutions protect your email server’s IP reputation by detecting and stopping zombie generated outbound spam, phishing and virus email. In addition, SonicWall Email Security can scan and apply compliance rules to outbound email and attachments.
Zombies and botnets.
A Zombie is a compromised computer system that can be remotely controlled by another person – a botmaster. A collection of Zombie systems under a common control structure is a Botnet. It is estimated that there are up to 150 million compromised computer systems – Zombies, spread throughout the globe. A Zombie system can be used to send out spam, phishing and virus laden emails. If you have a Zombie system on your network which does its work undetected, it is very possible that your organization’s IP address, the one used by the Zombie to send spam, could be blacklisted. Potentially good email from your organization’s IP address would be blocked as your IP address is on one or more blacklists.
|
Directory Harvest Attack (DHA) Protection |
Catching zombies.
Zombie detection is a function of both inbound and outbound protection. Inbound protection is prevention based, keeping out the email-based malware which could compromise a system on your network. Outbound protection is detection based, watching out for any Zombie systems on your network sending out spam, phishing or virus emails.
For outbound Zombie protection, there are three types of detection services:
- Attachment scanning to discover Malware-laden messages
- Send rates are checked for each sender
- All messages must come from someone in your LDAP registry.
Once Zombie generated messages are detected, SonicWall provides options as to how to route these suspect messages such as deleting them, or storing them in a junk box. Keeping the message in a junk box can be useful in forensic analysis after the attack is stopped.