Spam Tool | Block Email in Outlook | Block Junk Mail           


Killing Spam Zombies Made Easy - Capturing and Evaluating Network Traffic

So far you've determined that your network has suspicious traffic on it, and have isolated the source down to either a single system or a few computers.

Now you'll need to figure out if that traffic is being caused by spam zombie activity, or can otherwise be explained.

First, consider whether there is a legitimate reason for the system in question to be generating network activity. Try to eliminate other possible sources of traffic one at a time, and see whether the unexplained activity goes away.

Possible legitimate sources of unexplained network activity:

- FTP or web servers
- Windows file sharing
- Music-sharing software (Kazaa, etc.)
- Automated software updates (anti-virus / anti-spam program updates, windowsupdate.com, etc.)

If practical, shut down any services or software related to the items above and check whether the unexplained traffic stops.

If you weren't able to identify the traffic as legitimate, you'll need to examine it more directly by installing a tool known as a packet sniffer on the suspect system. Ethereal is a fairly easy-to-use one, and it is free.

You can download Ethereal from http://www.ethereal.com. Be sure to download and install WinPcap first, as it's needed for Ethereal to function.

Once Ethereal is installed and running, click the leftmost button on the toolbar. Then click the "Capture" button. This will begin logging all network traffic sent to and from the system. After 10-15 seconds of capturing, click "Stop."

You now have a captured sample of the unexplained traffic. Since the purpose of a spam zombie is to send spam, identifying them is fairly easy once you can look at the network traffic.

The protocol used to send email (including spam) is called SMTP. As a technical note, SMTP traffic travels over TCP port 25, so a normal desktop should show at most a handful of outbound port 25 connections to its own mail server. In Ethereal, SMTP traffic is easy to identify. If your capture looks something like the picture below, with the system opening SMTP connections to many different outside mail servers, you've almost certainly got a spam zombie.
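To make that check concrete, here is an added Python example (not code from the article or from SpamButcher) that scans a simplified, constructed capture summary for the pattern just described: one internal host opening outbound TCP port 25 connections to many different mail servers within the sample window. The line format, the LAN range and the threshold of five destinations are assumptions.

```python
# Added example (not part of the original article): flag the spam-zombie
# signature in a captured traffic sample, i.e. a local host opening many
# outbound TCP port 25 (SMTP) connections to many distinct mail servers.
# The input lines are constructed to mimic a simplified capture summary;
# the field layout (time src:port dst:port proto) is an assumption.
from collections import defaultdict

SMTP_PORT = 25
LOCAL_NET = "192.168.1."   # assumption: the home/office LAN prefix

# Constructed sample: 192.168.1.20 fans out to six SMTP servers within
# a fraction of a second; 192.168.1.5 only does a DNS lookup and checks
# a POP3 mailbox, which is ordinary desktop behaviour.
SAMPLE_CAPTURE = """\
0.001 192.168.1.20:1034 203.0.113.7:25 TCP
0.015 192.168.1.20:1035 198.51.100.12:25 TCP
0.030 192.168.1.20:1036 203.0.113.9:25 TCP
0.041 192.168.1.5:1100 192.168.1.1:53 UDP
0.052 192.168.1.20:1037 198.51.100.40:25 TCP
0.060 192.168.1.5:1101 203.0.113.80:110 TCP
0.071 192.168.1.20:1038 203.0.113.22:25 TCP
0.088 192.168.1.20:1039 198.51.100.77:25 TCP
"""

def parse_line(line):
    """Split one capture line into (time, src_ip, dst_ip, dst_port, proto)."""
    ts, src, dst, proto = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return float(ts), src_ip, dst_ip, int(dst_port), proto

def smtp_fanout(capture, local_net=LOCAL_NET):
    """Return {local_host: set of external SMTP destinations it contacted}."""
    fanout = defaultdict(set)
    for line in capture.strip().splitlines():
        _, src_ip, dst_ip, dst_port, proto = parse_line(line)
        # Only outbound SMTP from inside the LAN to outside counts
        if (proto == "TCP" and dst_port == SMTP_PORT
                and src_ip.startswith(local_net)
                and not dst_ip.startswith(local_net)):
            fanout[src_ip].add(dst_ip)
    return dict(fanout)

def suspect_zombies(capture, min_destinations=5):
    """Hosts whose SMTP fan-out exceeds what a mail client would produce."""
    return sorted(h for h, d in smtp_fanout(capture).items()
                  if len(d) >= min_destinations)

if __name__ == "__main__":
    print(suspect_zombies(SAMPLE_CAPTURE))   # ['192.168.1.20']
```

A real capture would be exported from the sniffer rather than typed in, but the test is the same: count distinct outside port 25 destinations per internal host.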

If the system is the source of other unexplained traffic, it may also be a problem. It's possible that you have a zombie on your hands that is being used for something other than sending spam. Spyware and other malicious software besides zombies can also generate mystery traffic.

Looking at the protocols in use and the destination network address can sometimes offer insight into what's going on. Google can also be a good resource in identifying the nature of the unexplained packets.

The important thing is to determine whether the traffic is malicious or not. If the system appears to be generating a large amount of ongoing traffic you can't account for, it may be safest to deal with it as if it were infected. When in doubt, contact an IT professional for further assistance.

The next step is to kill the zombie. You've already backed up all your data, right?
