Feeds

Rise of the Spam Zombies

'Untraceable'

  • alert
  • submit to reddit

The essential guide to IT transformation

Pressed by increasingly effective anti-spam efforts, senders of unsolicited commercial e-mail are resorting to outright criminality in their efforts to conceal the source of their ill-sent missives, using Trojan horses to turn the computers of innocent netizens into secret spam zombies.

"This is the newest delivery mechanism," says Margie Arbon, director of operations of anti-spam group MAPS. "I've been looking for it for a year, and in the last couple of months people have actually found Trojans that are doing it... They're carrying their own SMTP engines. Failing that, they install open proxy software."

One of those programs popped up last week. Named "Proxy-Guzu," when executed by an unwitting user the Trojan listens on a randomly-chosen port and uses its own built-in mail client to dash off a message to a Hotmail account, putting the port number and victim's IP address in the subject line. The spammer takes it from there, routing as much e-mail as he or she likes through the captured computer, knowing that any efforts to trace the source of the spam will end at the victim's Internet address.

Trojan horses generally rely on their wielder's ability to trick innocent people into executing them. Proxy-Guzu, naturally, arrives as spam -- in one sighting the program was offered as a naughty peek at an online webcam.

One early victim of the malware, posting to an anti-virus message board, says he detected it only when his desktop firewall program alerted him to large quantities of outgoing e-mail messages sent to unfamiliar addresses, with subject lines like "Don't tell your parents about this!" and "your bill."

'Untraceable'

Spammers are borrowing the trick from the method electronic vandals use to create computer armies capable of launching distributed denial of service (DDoS) attacks against webservers. What may have been the first Trojan horse custom-tailored for spammers emerged last November: called "Jeem," it grants the perpetrator full access to a victim computer, but also includes a built-in SMTP server to facilitate e-mail laundering.

Arbon says the spam worlds' plunge into adolescent hacking techniques is a result of spammers enjoying fewer and fewer online havens from which to operate. "With the filters and the lists and heurists and all the mechanisms out there people are using, I think the people that are trying to find a way to get the mail delivered are resorting to alternative tactics," she says. "It's untraceable. I hate to put that in print, but it's the truth."

Of course, it also puts the spammers squarely on the wrong side of the law. "As a general rule it's legal to send someone an e-mail even if they don't want it," says Mark Rasch, a former Justice Department computer crime attorney. "But once you break into their computer and get their computer to send e-mail to someone else, then you're violating federal and state computer crime laws."

© SecurityFocus logo

Next gen security for virtualised datacentres

More from The Register

next story
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Linux kernel devs made to finger their dongles before contributing code
Two-factor auth enabled for Kernel.org repositories
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.