http://www.thestate.com/mld/thestate/business/technology/5902697.htm By Saul Hansell New York Times May 20, 2003 The Flint Hills School, a prep academy in Oakton, Va., might seem an unlikely place to find an Internet spammer. But late last year, technicians at America Online were able to trace the origin of a new torrent of spam, or unsolicited e-mail advertisements, to the school's computer network. On further investigation, though, AOL determined that the spammers were not enterprising students or moonlighting teachers. Instead, a spam-flinging hacker -- who still has not been found -- had exploited a software vulnerability to use the school's computers to relay spam while hiding the e-mail's true origins. It was not an isolated incident. As spam has proliferated -- and with it the attempts by big Internet providers to block messages sent from the addresses of known spammers -- many mass e-mailers have become more clever in avoiding the blockades by aggressively bouncing messages off the computers of unaware third parties. In the past two years, more than 200,000 computers worldwide have been hijacked without the owner's knowledge and are currently being used to forward spam, according to AOL and other Internet service providers. And each day thousands of additional PCs are compromised at companies, institutions and -- most commonly of all -- homes with high-speed Internet connections shared by two or more computers. Mostly, the spammers are exploiting security holes in existing software, but increasingly they are covertly installing e-mail forwarding software, much like a computer virus. ``This is not about a hacker trying to show off, or give you a hard time,'' said William Hancock, the chief security officer for Cable & Wireless, the British telecommunications company. ``This is about money. As long as there are people who want spam to go out, this is not going to go away.'' Spam fighters say that some software is too easy to exploit and should be fixed. Moreover, computer users can take technical precautions to safeguard their machines. But not everyone will bother to take those steps, even if they discover they have been dragooned into the spammers' global army. Most users do not see much effect when their computer has been co-opted. Surfing the Web from the victimized computer may be slower than usual, but that is not always easy to detect. The only way most users even become aware of such hijackings is when they receive telephone calls or e-mail from their Internet service providers saying a piece of spam was traced back to their machines. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Wed May 21 2003 - 08:03:57 PDT