[ISN] Hackers May Profit From Spam

From: InfoSec News (isnat_private)
Date: Tue Jul 03 2001 - 01:05:47 PDT

  • Next message: InfoSec News: "[ISN] Group Unveils Solaris Security Standards"

    http://www.zdnet.com/intweek/stories/news/0,4164,2781893,00.html
    
    By Max Smetannikov, 
    Interactive Week
    July 2, 2001 1:20 PM ET 
    
    Several small Internet service providers have been shocked to see some
    of their most unlikely users turn into spammers. But it turns out the
    users are unwitting tools of a new virus that experts say is the first
    case they've seen of hackers finding a way to commercially exploit
    their skills.
    
    The scheme - seemingly spread across desktops in the form of a virus -
    was tested by hackers throughout June, apparently to explore the
    possibility of infecting home machines with software that would
    generate unsolicited bulk e-mail without the knowledge of the
    machines' owners.
    
    "I believe it was a dry run," said Michael Reaves, systems
    administrator at Adimpleo/FirstNetSecurity.com. Reaves' organization
    registered the first case of a "spamming trojan" on June 14, in the
    San Francisco Bay area, on Excite@Home's network. He believes a
    commercial version will soon be launched.
    
    The virus was designed with a simple succession of points and clicks,
    using a widely available worm-writing tool such as The Visual Basic
    Worm Generator, experts believe. The virus carries a trojan - a piece
    of hacker software that installs itself on users' machines after an
    e-mail attachment is downloaded.
    
    The trojan - nicknamed the spamming trojan for its function - then
    generates spam e-mails from users' accounts, using their names and
    targeting the people to whom they send e-mail. Got an e-mail from your
    grandmom advertising the services of an adult Web site? Don't get mad
    - her computer's been infected by the spamming trojan virus.
    
    It's the unlikely nature of the users who turned into spammers
    overnight that caught network administrators' attention in the first
    place.
    
    "I got an abuse report from somebody in Florida and was very
    surprised, because we run a very clear network and got just three
    abuse reports in three years," said Don Lashier, owner of Newport
    Internet in Oregon. "I checked into it, and the spammer was this
    middle-age woman we know well." Newport Internet has only 1,000 users,
    and Lashier knows many personally.
    
    Further investigation revealed the user was unwittingly generating
    spam, seemingly advertising services on an adult Web site - with one
    caveat: The ad had no HyperText Transfer Protocol links, leading
    Lashier to believe a spamming trojan was being tested.
    
    While individual users generate very little spam - three or four
    messages per day - Reaves believes the problem is amplified by the
    proliferation of distributed, remote systems management tools, which
    have been used in the past to launch denial-of-service attacks. This
    time, hackers could use the same topology to generate massive volumes
    of spam.
    
    "Hackers now can make money," Reaves said.
    
    Jupiter Research estimates the volume of opt-in e-mail will reach 268
    billion messages by 2005, generating revenue of $7.3 billion. Security
    experts say some of this cash is bound to end up in spammers' pockets.
    
    The spamming trojan could be prevented by users installing filters to
    block spam and viruses or by ISPs taking measures to curb spam and
    increase security.
    
    
    
    
    ISN is hosted by SecurityFocus.com
    ---
    To unsubscribe email isn-unsubscribeat_private
    



    This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 01:13:47 PDT