Feeds

Spam fighters infiltrate spam clubs

Tales from the underground

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

Spam fighters are gaining vital clues in the battle to keep in-boxes clean of junk mail by infiltrating spammer clubs.

Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.

Instead of using open mail relays or unscrupulous hosts (so-called 'bullet-proof' hosting - in reality, ISPs in developing countries who pull the plug on spammers when enough complaints are received by their upstream provider), spammers are using compromised machines to get their junk mail out. Viruses such as My-Doom and Bagle surrender the control of infected machines to hackers. This expanding network of infected, zombie PCs can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months.

Trade in PCs for DDoS attacks typically happens in more anonymous IRC channels, but spammers are tapping into the same resource.

Lists of virus-infected PCs ('fresh proxies' in spammer parlance) are commonly traded in spammer clubs along with spamware (bulk mailing software), according to Linford. He explained that software like Dynamic Mail Sending is specifically designed to send spam through proxies.

"This software rotates through a list of addresses, perhaps sending 10,000 messages from each machine," Linford explains. Spamhaus has established an Exploit Black Lists of compromised hosts, often broadband users, but the latest spam software checks this and goes on the next address if a machine is blacklisted. "With thousands of machines on a list its easy to abandon a few," said Linford.

He explained that traders sell lists, which they try to clean using automated software, to many people. The lists aren't generally exclusive. PCs compromised by MyDoom and the like contact their authors by email or over IRC.

"People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there," he added. ®

Related stories

Phatbot arrest throws open trde in zombie PCs
The illicit trade in compromised PCs
Mafia recruiting spammers, crackers, AV chief warns
Big US ISPs set legal attack dogs on big, bad spammers

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.