Feeds

Spam fighters infiltrate spam clubs

Tales from the underground

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Spam fighters are gaining vital clues in the battle to keep in-boxes clean of junk mail by infiltrating spammer clubs.

Online spammer forums like the Pro Bulk Club the Bulk Club and bulkmails.org have been gatecrashed by activists from organisations like Spamhaus. Steve Linford of Spamhaus said spammers know this already but they don't know who amongst their number is working for the other side. In theory the members-only forums of these sites is accessible only by invitation and only to individuals who have a proven track record in spamming. Apart from playing with the paranoia of spammers, the undercover investigation cast light on the latest spammer techniques.

Instead of using open mail relays or unscrupulous hosts (so-called 'bullet-proof' hosting - in reality, ISPs in developing countries who pull the plug on spammers when enough complaints are received by their upstream provider), spammers are using compromised machines to get their junk mail out. Viruses such as My-Doom and Bagle surrender the control of infected machines to hackers. This expanding network of infected, zombie PCs can be used either for spam distribution or as platforms for DDoS attacks, such as those that many online bookies have suffered in recent months.

Trade in PCs for DDoS attacks typically happens in more anonymous IRC channels, but spammers are tapping into the same resource.

Lists of virus-infected PCs ('fresh proxies' in spammer parlance) are commonly traded in spammer clubs along with spamware (bulk mailing software), according to Linford. He explained that software like Dynamic Mail Sending is specifically designed to send spam through proxies.

"This software rotates through a list of addresses, perhaps sending 10,000 messages from each machine," Linford explains. Spamhaus has established an Exploit Black Lists of compromised hosts, often broadband users, but the latest spam software checks this and goes on the next address if a machine is blacklisted. "With thousands of machines on a list its easy to abandon a few," said Linford.

He explained that traders sell lists, which they try to clean using automated software, to many people. The lists aren't generally exclusive. PCs compromised by MyDoom and the like contact their authors by email or over IRC.

"People selling these fresh proxies are either the virus writers themselves or someone very close to them. I don't know how ties between spammers and virus writers was first forged but there is clearly a strong link there," he added. ®

Related stories

Phatbot arrest throws open trde in zombie PCs
The illicit trade in compromised PCs
Mafia recruiting spammers, crackers, AV chief warns
Big US ISPs set legal attack dogs on big, bad spammers

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.