Feeds

Spam fighters infiltrate spam clubs

Tales from the underground

  • alert
  • submit to reddit

Choosing a cloud hosting partner with confidence

Spam fighters are gaining vital clues in the battle to keep in-boxes clean of junk mail by infiltrating spammer clubs.

Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.

Instead of using open mail relays or unscrupulous hosts (so-called 'bullet-proof' hosting - in reality, ISPs in developing countries who pull the plug on spammers when enough complaints are received by their upstream provider), spammers are using compromised machines to get their junk mail out. Viruses such as My-Doom and Bagle surrender the control of infected machines to hackers. This expanding network of infected, zombie PCs can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months.

Trade in PCs for DDoS attacks typically happens in more anonymous IRC channels, but spammers are tapping into the same resource.

Lists of virus-infected PCs ('fresh proxies' in spammer parlance) are commonly traded in spammer clubs along with spamware (bulk mailing software), according to Linford. He explained that software like Dynamic Mail Sending is specifically designed to send spam through proxies.

"This software rotates through a list of addresses, perhaps sending 10,000 messages from each machine," Linford explains. Spamhaus has established an Exploit Black Lists of compromised hosts, often broadband users, but the latest spam software checks this and goes on the next address if a machine is blacklisted. "With thousands of machines on a list its easy to abandon a few," said Linford.

He explained that traders sell lists, which they try to clean using automated software, to many people. The lists aren't generally exclusive. PCs compromised by MyDoom and the like contact their authors by email or over IRC.

"People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there," he added. ®

Related stories

Phatbot arrest throws open trde in zombie PCs
The illicit trade in compromised PCs
Mafia recruiting spammers, crackers, AV chief warns
Big US ISPs set legal attack dogs on big, bad spammers

Intelligent flash storage arrays

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Managing SSL certificates with ease
The lack of operational efficiencies and compliance pitfalls associated with poor SSL certificate management, and how the right SSL certificate management tool can help.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.