Cisco property-to-be sniffs out spam 'zombies'

P-Cube, soon to be acquired by the networking giant, adds feature to help broadband service providers fight "zombie" e-mail attacks.

Marguerite Reardon Former senior reporter
Marguerite Reardon started as a CNET News reporter in 2004, covering cellphone services, broadband, citywide Wi-Fi, the Net neutrality debate and the consolidation of the phone companies.
Marguerite Reardon
3 min read
A start-up being acquired by Cisco Systems announced on Monday that it is adding a new feature to its traffic management product that will detect and protect Internet service provider networks from spam "zombie" attacks.

Cisco last month said it plans to acquire upstart P-Cube for $200 million. The deal is expected to close in late September or early October.

P-Cube's flagship product, the Engage v2.1 Service Control Platform, is used by broadband service providers to monitor, control and bill for services such as voice over Ibternet Protocol, interactive gaming, video on demand and peer-to-peer applications. Many service providers have used the product to identify bandwidth-hungry peer-to-peer applications.

Our reporters' take on what's
happening in broadband.

The company's latest feature goes after spam zombie attacks, which are caused when hackers and spammers infect unprotected computers with a Trojan horse program. Once infected, these computers become zombie-like machines that can be used to either distribute more spam or serve as the basis for a distributed denial-of-service attack.

About 40 percent to 80 percent of all junk e-mail originates from spam zombies, said Milind Gadekar, vice president of marketing at P-Cube. Because there are so many machines launching attacks, it's often difficult to identify the source of a spam zombie attack or even stop the assault.

P-Cube's product takes a three-step approach to fighting this problem. First, it identifies machines that could be zombies by inspecting thousands of messages. Using various parameters, it identifies likely sources of spam attacks. After suspicious traffic patterns have been identified, P-Cube's product reports the problem to system administrators. The product also can be set up to automatically intervene, quickly redirecting or quarantining the zombie machines.

Because infected users are unaware that their computers are infected, the P-Cube product notifies subscribers of the infection and redirects them to support centers where they can take corrective action.

Because P-Cube's technology tracks and monitors individual subscribers, the company is able to take a more granular approach to security. The spam-fighting tool is just one of several features the company has added recently. Earlier this year, it introduced a product to protect broadband service providers from denial-of-service attacks. It also added a feature to help these service providers block users from accessing copyrighted information.

P-Cube believes that its product can help stop spam at the source. Several other companies have taken this broad approach. Microsoft, Cisco and Yahoo have all proposed sender identification tags to authenticate the original source of e-mail messages. TurnTide, recently purchased by Symantec, forces spammers to slow the rate at which they send packets.

But P-Cube's Gadekar said he doesn't expect customers to buy its product solely for the spam-fighting capabilities.

"This new feature is really meant to complement what companies are already doing to fight spam," he said. "We expect customers to deploy our product to monitor and control traffic on their network. The spam feature is a nice bonus."

Cisco's interest in P-Cube has helped put the start-up's technology in the spotlight. P-Cube already has more than 40 customers, but Gadekar said the company has gotten a lot more calls regarding its products since the acquisition announcement.

P-Cube competitors also seem to be benefiting from the heightened interest. Ellacoya Networks, which offers a similar product, announced that it received $7 million in a round of funding on Monday.

"The P-Cube acquisition offers a great jolt to the market," said Kurt Dobbins, founder and chief technology officer of Ellacoya. "Subscriber control is not fulfilled with legacy products. A new network element is clearly needed. It will become mandatory in broadband networks, as service providers start adding new services to their networks."

Dobbins said Ellacoya also offers features to fight spam and denial-of-service attacks.