German magazine c't says it has evidence that virus writers are selling the IP addresses of PCs infected with Trojans to spammers. Spammers use these infected systems to unlawfully distribute commercial email messages, without the knowledge of their owners.

The Trojan involved was spread by a virus called Randex. This small program contacted its 'master' through the chat protocol IRC. It was programmed to look for CD keys of games, or secretly load additional software. The Trojan was also able to install a proxy server which can be used to relay spam through the infected PCs.

c’t passed on all the information to New Scotland Yard and several individuals in different countries have been arrested, the magazine claims.

Full details in the print issue of c't, available in German from Monday February 23.

Security experts and spam fighters have always assumed that spammers use Trojans to turn home workstations into unwitting hosts or zombies in pornography and spam distribution rings. Not only can these techniques be used to bypass IP address blacklists, but also to launch DoS attacks. ®