[ISN] Rise of the Spam Zombies

From: InfoSec News (isnat_private)
Date: Tue Apr 29 2003 - 00:28:45 PDT


    http://www.theregister.co.uk/content/55/30414.html
    
    By Kevin Poulsen
    SecurityFocus
    Posted: 27/04/2003 
    
    Pressed by increasingly effective anti-spam efforts, senders of
    unsolicited commercial e-mail are resorting to outright criminality in
    their efforts to conceal the source of their ill-sent missives, using
    Trojan horses to turn the computers of innocent netizens into secret
    spam zombies.
    
    "This is the newest delivery mechanism," says Margie Arbon, director
    of operations of anti-spam group MAPS. "I've been looking for it for a
    year, and in the last couple of months people have actually found
    Trojans that are doing it... They're carrying their own SMTP engines.  
    Failing that, they install open proxy software."
    
    One of those programs popped up last week. Named "Proxy-Guzu," when
    executed by an unwitting user the Trojan listens on a randomly-chosen
    port and uses its own built-in mail client to dash off a message to a
    Hotmail account, putting the port number and victim's IP address in
    the subject line. The spammer takes it from there, routing as much
    e-mail as he or she likes through the captured computer, knowing that
    any efforts to trace the source of the spam will end at the victim's
    Internet address.
    
    Trojan horses generally rely on their wielder's ability to trick
    innocent people into executing them. Proxy-Guzu, naturally, arrives as
    spam -- in one sighting the program was offered as a naughty peek at
    an online webcam.
    
    One early victim of the malware, posting to an anti-virus message
    board, says he detected it only when his desktop firewall program
    alerted him to large quantities of outgoing e-mail messages sent to
    unfamiliar addresses, with subject lines like "Don't tell your parents
    about this!" and "your bill."
    
    'Untraceable'
    
    Spammers are borrowing the trick from the method electronic vandals
    use to create computer armies capable of launching distributed denial
    of service (DDoS) attacks against webservers. What may have been the
    first Trojan horse custom-tailored for spammers emerged last November:  
    called "Jeem," it grants the perpetrator full access to a victim
    computer, but also includes a built-in SMTP server to facilitate
    e-mail laundering.
    
    Arbon says the spam world's plunge into adolescent hacking techniques
    is a result of spammers enjoying fewer and fewer online havens from
    which to operate. "With the filters and the lists and heuristics and all
    the mechanisms out there people are using, I think the people that are
    trying to find a way to get the mail delivered are resorting to
    alternative tactics," she says. "It's untraceable. I hate to put that
    in print, but it's the truth."
    
    Of course, it also puts the spammers squarely on the wrong side of the
    law. "As a general rule it's legal to send someone an e-mail even if
    they don't want it," says Mark Rasch, a former Justice Department
    computer crime attorney. "But once you break into their computer and
    get their computer to send e-mail to someone else, then you're
    violating federal and state computer crime laws."
    