Spammers turn home computers into spam factories
4:59PM, Friday 13th June 2003
Spammers have turned to viruses to prise open computers and force them to send the flood of spam mail.

UK-based MessageLabs says it has discovered in the last couple of weeks that senders of spam are using viruses to hijack computers with backdoor trojans and then use these pawns to send their own spam.

'We've suspected it for some time now,' said Paul Wood, chief information analyst at MessageLabs, whose services are used to scan 14 million emails a day.

'By cross-referencing our virus logs with our spam logs we discovered that there were significant numbers of IP addresses from where we were stopping viruses, we were also stopping spam. Rather than using their own bandwidth, [spammers] are hijacking other people's computers.'

Wood said that spammers initiate their attack by mass-mailing victims with an email that makes the sort of claims you would expect of spam mail, but with no URL link to visit. Instead, users may click on the attachment which contains the virus that may install a backdoor component to give the sender remote access to the infected computer and its own SMTP engine through which it can send spam, without the computer owner ever knowing.

He said that it is almost impossible to identify the sender of the spam, and by spoofing the 'return' address, spammers can launch a kind of bounceback denial of service attack, where replies from disgruntled recipients and bouncebacks from email addresses that are closed or non-existent are directed to a target of the spammer's choice.

'We've encountered increasingly high numbers of these types of attack,' said Wood. 'And certainly some companies are being forced to pull some domains because of the high levels of bounceback spam mail they are receiving.'

Wood said that while spam used to be considered a fairly brainless assault on the public's in-boxes, there is plenty of evidence that the scurrilous spammers are becoming increasingly sophisticated.

Another method used by spammers, he said, is to subvert web and proxy servers. Spammers send out programs on the Internet that scan for poorly configured servers, which are ever more common in times of economic depression where overworked sys admins are doing jobs they perhaps have neither the time nor expertise to do properly.

Once found, the spammer scans the server for the IP addresses that the server believes are within the internal company network and considers 'safe'. The spammer then sends junk mail through the server, fooling it into believing that the spam comes from one of these allowed addresses.

Thus the spammer gets to use the company's expensive bandwidth and has also hidden the origin of the flood of junk mail.
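
The cross-referencing Wood describes, finding source IP addresses that appear in both the virus logs and the spam logs, can be sketched as follows. This is an added example, not MessageLabs code; the log layout, the sample records and the 14-day matching window are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, source IP). The addresses come from
# the RFC 5737 documentation ranges; none of this is real scanning data.
VIRUS_LOG = [
    ("2003-06-02 09:14", "192.0.2.10"),
    ("2003-06-03 11:40", "198.51.100.7"),
    ("2003-06-05 08:02", "203.0.113.44"),
    ("2003-06-09 10:00", "203.0.113.80"),
]
SPAM_LOG = [
    ("2003-06-04 22:31", "192.0.2.10"),
    ("2003-06-04 22:35", "192.0.2.10"),
    ("2003-05-20 10:00", "203.0.113.44"),  # 16 days from the virus hit
    ("2003-06-30 10:00", "198.51.100.7"),  # 27 days from the virus hit
    ("2003-06-08 07:15", "203.0.113.80"),  # spam seen before the virus
    ("2003-06-06 13:00", "192.0.2.99"),    # spam only, never sent a virus
]

def _parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def correlate(virus_log, spam_log, window_days=14):
    """Return {ip: (virus_count, spam_count)} for every source IP that was
    stopped sending a virus and stopped sending spam within window_days of
    each other. The window is an assumed parameter: it limits false matches
    from dynamic addresses that were reassigned between the two events."""
    window = timedelta(days=window_days)
    virus_times, spam_times = defaultdict(list), defaultdict(list)
    for ts, ip in virus_log:
        virus_times[ip].append(_parse(ts))
    for ts, ip in spam_log:
        spam_times[ip].append(_parse(ts))
    hits = {}
    # Only addresses present in both logs can be candidates.
    for ip in virus_times.keys() & spam_times.keys():
        close = any(abs(v - s) <= window
                    for v in virus_times[ip] for s in spam_times[ip])
        if close:
            hits[ip] = (len(virus_times[ip]), len(spam_times[ip]))
    return hits

if __name__ == "__main__":
    for ip, (viruses, spam) in sorted(correlate(VIRUS_LOG, SPAM_LOG).items()):
        print(f"{ip}: {viruses} virus hit(s), {spam} spam message(s)")
```

Addresses flagged this way are candidates for hijacked machines rather than proof of infection, since a shared or reassigned address can appear in both logs for unrelated reasons.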
