Feeds

Spam fighters infiltrate spam clubs

Tales from the underground

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Spam fighters are gaining vital clues in the battle to keep in-boxes clean of junk mail by infiltrating spammer clubs.

Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.

Instead of using open mail relays or unscrupulous hosts (so-called 'bullet-proof' hosting - in reality, ISPs in developing countries who pull the plug on spammers when enough complaints are received by their upstream provider), spammers are using compromised machines to get their junk mail out. Viruses such as My-Doom and Bagle surrender the control of infected machines to hackers. This expanding network of infected, zombie PCs can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months.

Trade in PCs for DDoS attacks typically happens in more anonymous IRC channels, but spammers are tapping into the same resource.

Lists of virus-infected PCs ('fresh proxies' in spammer parlance) are commonly traded in spammer clubs along with spamware (bulk mailing software), according to Linford. He explained that software like Dynamic Mail Sending is specifically designed to send spam through proxies.

"This software rotates through a list of addresses, perhaps sending 10,000 messages from each machine," Linford explains. Spamhaus has established an Exploit Black Lists of compromised hosts, often broadband users, but the latest spam software checks this and goes on the next address if a machine is blacklisted. "With thousands of machines on a list its easy to abandon a few," said Linford.

He explained that traders sell lists, which they try to clean using automated software, to many people. The lists aren't generally exclusive. PCs compromised by MyDoom and the like contact their authors by email or over IRC.

"People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there," he added. ®

Related stories

Phatbot arrest throws open trde in zombie PCs
The illicit trade in compromised PCs
Mafia recruiting spammers, crackers, AV chief warns
Big US ISPs set legal attack dogs on big, bad spammers

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.