Monday, May 24, 2004

Has your PC made you a spammer?

Is your PC spewing spam?:
"Putting a price on a viral network

But wait, it gets worse. Once upon a time, the only way spam operators spread their junk mail was by opening an e-mail account, queuing up a few thousand e-mail messages, then moving on. But Internet service providers got savvy to this practice, and now they look for abnormal spikes in outbound mail traffic, then immediately block or shut down spam-sending accounts.

So the spammers had to get even savvier. With last summer's Sobig virus, it became clear that someone was building viral networks to relay spam messages.

By using open proxies on virus-compromised Windows computers, a spam operator, who may be on some ISP's block list, sends direct marketing e-mail via someone else's compromised PC. Doesn't matter if the infected PC's ISP shuts them down; there are thousands of other PCs relaying the same spam. Viruses are moving targets, so as one system is disinfected or blocked, another system becomes infected."

To illustrate that point, the Sobig virus self-terminated every two weeks or so, allowing the virus writer to sell his or her list of currently infected PCs, then, after the virus expired, author another version, infecting different PCs, and sell that list at a later date. As individual PCs on a given virus network keep changing, the effort to identify and stop spam operators gets much harder.

Yet this open proxy method isn't perfect. To work, the spam operator still contacts each and every infected PC in the virus network. This requires bandwidth, almost as much as if the operator were using a single account to send the spam.

The self-contained spam factory method
Enter the Bobax worm. Security company Lurhq describes Bobax as a self-propagating Trojan horse and a self-contained spam factory. The worm carries with it a template and a list of e-mail addresses, so it's able to create spam on the fly.

This evolution suggests that the virus writers and the spam operators are working closely. No longer is a rogue virus writer selling his or her networks of infected computers created by off-the-shelf viruses and worms to spammers. Now, the spammers are ordering up custom-designed viruses and worms. Perhaps the virus writers are employees, working solely for the spam operators.

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5136207.html?tag=adss
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)