Spammers turn home computers into spam factories

Posted on 13 Jun 2003 at 16:59

Spammers have turned to viruses to prise open computers and force them to send the flood of spam mail.

UK-based MessageLabs says it has discovered in the last couple of weeks that senders of spam are using viruses to hijack computers with backdoor trojans and then use these pawns to send their own spam.

'We've suspected it for some time now,' said Paul Wood, chief information analyst at MessageLabs, whose services are used to scan 14 million emails a day.

'By cross-referencing our virus logs with our spam logs we discovered that there were significant numbers of IP addresses from where we were stopping viruses, we were also stopping spam. Rather than using their own bandwidth, [spammers] are hijacking other people's computers.'

Wood said that spammers initiate their attack by mass-mailing victims with an email that makes the sort of claims you would expect of spam mail, but with no URL link to visit. Instead, users may click on the attachment which contains the virus that may install a backdoor component to give the sender remote access to the infected computer and its own SMTP engine through which it can send spam, without the computer owner ever knowing.

He said that it is almost impossible to identify the sender of the spam, and by spoofing the 'return' address, spammers can launch a kind of bounceback denial of service attack, where replies from disgruntled recipients and bouncebacks from email addresses that are closed or non-existent are directed to a target of the spammer's choice.

'We've encountered increasingly high numbers of these types of attack,' said Wood. 'And certainly some companies are being forced to pull some domains because of the high levels of bounceback spam mail they are receiving.'

Wood said that while spam used to be considered a fairly brainless assault on the public's in-boxes, there is plenty of evidence that the scurrilous spammers are becoming increasingly sophisticated.

Another method used by spammers, he said, is to subvert web and proxy servers. Spammers send out programs on the Internet that scan for poorly configured servers, which are ever more common in times of economic depression where overworked sys admins are doing jobs they perhaps have neither the time nor expertise to do properly.

Once found, the spammer scans the server for the IP addresses that the server believes are within the internal company network and considers 'safe'. The spammer then sends junk mail through the server fooling it into believing that the spam comes from one of these allowed addresses.

Thus the spammer gets to use company's expensive bandwidth and has also hidden the origin of the flood of junk mail.

Author: Matt Whipp