
P-Cube: We Can Kill Zombies

Light Reading
News Analysis
9/20/2004

Newly acquired P-Cube Inc., a maker of hardware to manage network traffic, today introduced a spam buster designed to catch and quarantine infected PCs launching zombie attacks (see Cisco Takes Apps on Board).

Zombies, PCs that have been implanted with malicious code for use in attacking other PCs, are on the rise as more spammers are spreading viruses and advertisements by sending out remote access trojans (RATs) or trojan horses. Unbeknown to the user, a trojan horse can enter a PC through an email attachment or an unsecured port. The horse notifies the spammer after it has infected the PC; it then lies dormant awaiting the spammer’s call.

The spammer usually waits until a large number of computers have been infected with the trojan horse before commanding the zombies to rise. Each zombie then triggers a mechanism which sends out bulk email.

The large number of attacking computers makes it difficult to identify the source of the attack or take corrective action, especially without disrupting service for others.

Sunnyvale, Calif.-based P-Cube, soon to be part of Cisco Systems Inc. (Nasdaq: CSCO), says its Broadband Spam Control Solution detects zombie PCs soon after they wake up and begin sending out bulk mail (see Cisco Plucks P-Cube for $200M). P-Cube’s application can identify and stop a zombie attack after the first few thousand emails have been sent. This is a relatively small percentage of the total amount of spam messages outgoing during an attack, says P-Cube VP of marketing, Milind Gadekar.

Spam is an ongoing problem for service providers, using up bandwidth, overloading mail servers, and slowing down networks. Analysts say those that are most successful at combating spam will keep and sign on more customers. “[P-Cube’s application] is a helpful weapon in the ongoing attempt of ISPs to control their networks,” says Lydia Leong, a principal analyst at Gartner Inc.

The spam solution is a part of P-Cube’s traffic analysis and network control capabilities. The company has developed hardware engines that can monitor traffic at Layer 7, distinguishing traffic flows in ways traditional routers can't.

Some analysts say P-Cube’s solution appears different from those of other spam fighters because it detects zombie attacks at a very early stage, preventing spam from traveling the network.

Other strategies to control spam, such as filtering or black-listing IP addresses, slow down the network for other users and often punish legitimate users, analysts say. These strategies filter spam after it has been delivered, failing to ease the burden of overloaded mail servers, says Gadekar.

P-Cube says its solution can stop spam attacks before they travel the network. And its method of blocking and notifying the infected PC does not affect the network for other legitimate users.

To detect infected PCs, P-Cube uses its service application Engage, which provides state-based monitoring of protocols that allows for the detection and control of any network application including Web browsing, multimedia streaming, and peer-to-peer.

Zombies hide the identity of their originator, but they leave fingerprints in network usage patterns. P-Cube’s solution performs deep packet inspection to account for the type of SMTP traffic generated by subscribers and identify suspicious patterns that exist in zombie mail traffic.
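An added illustration, not P-Cube's algorithm or code (the article does not describe either), of how per-subscriber SMTP usage patterns can separate a zombie from ordinary mail use. The flow-record schema, the thresholds and the sample data are assumptions constructed for this example.

```python
from collections import defaultdict

# Assumed export from a Layer 7 probe, one record per SMTP session:
# (epoch_seconds, subscriber_id, dst_ip, dst_port, rcpt_to_count)
WINDOW = 600       # counting window in seconds (assumed)
MAX_SERVERS = 20   # distinct mail servers contacted per window (assumed)
MAX_RCPTS = 500    # RCPT TO commands issued per window (assumed)

def find_suspects(flows, window=WINDOW, max_servers=MAX_SERVERS,
                  max_rcpts=MAX_RCPTS):
    """Return {subscriber: (window_start, servers, rcpts)} at first breach."""
    servers = defaultdict(set)   # (subscriber, window) -> mail servers seen
    rcpts = defaultdict(int)     # (subscriber, window) -> recipients so far
    suspects = {}
    for ts, sub, dst_ip, dst_port, n_rcpt in sorted(flows):
        # Only SMTP counts; a subscriber already flagged needs no more work.
        if dst_port != 25 or sub in suspects:
            continue
        key = (sub, ts - ts % window)
        servers[key].add(dst_ip)
        rcpts[key] += n_rcpt
        # A home user talks to one or two relays; a zombie delivers directly
        # to many recipient mail servers and issues far more RCPT TO commands.
        if len(servers[key]) > max_servers or rcpts[key] > max_rcpts:
            suspects[sub] = (key[1], len(servers[key]), rcpts[key])
    return suspects

def sample_flows():
    """Constructed traffic: one normal mail user, one zombie, one web user."""
    flows = []
    # sub-A: three single-recipient messages through the ISP relay.
    flows += [(1000 + 200 * i, "sub-A", "192.0.2.10", 25, 1) for i in range(3)]
    # sub-B: 40 sessions to 40 different mail servers, 30 recipients each.
    flows += [(1000 + 5 * i, "sub-B", f"198.51.100.{i + 1}", 25, 30)
              for i in range(40)]
    # sub-C: heavy web browsing, no SMTP at all.
    flows += [(1000 + i, "sub-C", "203.0.113.5", 80, 0) for i in range(100)]
    return flows

if __name__ == "__main__":
    for sub, (start, n_srv, n_rcpt) in find_suspects(sample_flows()).items():
        print(f"{sub}: window {start}, {n_srv} servers, {n_rcpt} recipients")
```

Because the subscriber is flagged at the first breach rather than at the end of the window, the access-denial step can follow before most of the burst leaves the network.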

After the infected PC has been detected, P-Cube’s solution allows the service provider to deny network access. At the same time, the user is notified that the PC is infected and is instructed to contact the service provider. It’s then up to the service provider to tell the user how to cleanse the PC and take measures to prevent another attack.

— Joanna Sabatini, Reporter, Light Reading


slickmitzy
12/5/2012 | 1:15:57 AM
re: P-Cube: We Can Kill Zombies
This is not really a new feature.
Sandvine, which competes with P-Cube in the p2p arena, has been doing that for a while now.
You can check out their site at www.sandvine.com
We are using them and it works really well.
The only limitation of Sandvine is that each of their boxes can only handle about 750Mbits/sec, but you can cluster them together to get a better throughput.

dljvjbsl
12/5/2012 | 1:15:54 AM
re: P-Cube: We Can Kill Zombies

As a real question, why would an ISP invest in this technology? How does it add to the bottom line?
BigBrother
12/5/2012 | 1:15:21 AM
re: P-Cube: We Can Kill Zombies
Money and customer satisfaction. If traffic has to route outside their own network, there is a charge, no matter how small it is. When there are so many Zombies at work, it also slows down the network.