Posted on 16-6-2003
Pornographers Hijack Home Computers
by Stuart Millar, Friday June 13, 2003, The Guardian
British experts have found the first hard evidence that hundreds
of thousands of computers were deliberately infected with viruses
by spammers who used the machines to distribute pornography
and junk mail.
The Gloucester-based computer security firm MessageLabs established
that a virus which was sent to up to 1 million computer users
over two days last week was the work of a spammer trying to
gain access to machines to distribute ads for websites carrying
incest pornography. Internet security experts
and anti-spam campaigners have suspected for some time that
spammers would use viruses to access computers, but the MessageLabs
investigation is the first conclusive proof. Matt Sergeant,
the company's senior anti-spam technologist, told the Guardian:
"This is a massive discovery. It completely undermines
the spammers' claim that they are legitimate marketers and shows
that they are nasty insidious hijackers who drive me and the
vast majority of computer users nuts."
The spammer who sent the virus put spoof email addresses in
the "from" line, using domains owned by the Hong Kong-based
webmail company Outblaze, which has about 30 million customers
worldwide and owns domains such as email.com and usa.com. Suresh
Ramasubramanian, Outblaze's postmaster, said: "This is
a very disturbing trend. For our customers it is doubly infuriating
because not only are they receiving the most disgusting spam
they are also discovering that their computers are being hijacked
illegally to send the stuff out."
The discovery came amid dire predictions about the future of
email if spam is allowed to proliferate at the current rate.
Last month it accounted for almost 50% of all emails sent, according
to anti-spam company Brightmail, clogging up millions of inboxes
with unsolicited adverts for penis enlargement potions, lottery
games, cheap mortgages and extreme - and often illegal - pornography.
Although most people deleted the emails instantly, a response
rate of as low as one in 100,000 is enough for the spammers
to make a profit. As consumer confidence in the email system
is eroded by spam, there is also growing concern about the indiscriminate
nature of the material. A survey this week by computer security
firm Symantec found that 80% of under-18s received "inappropriate
email" every day.
But it is the new evidence that the spammers have strayed into
the highly illegal world of computer hacking that is likely
to provoke most fury. The "trojan virus"
involved attempted to exploit a vulnerability on Windows PCs
known as an open proxy. Proxy servers are designed to allow
the machine to link to the internet through a local network,
but if left open they allow a back door into the computer for
hackers. A substantial number of open proxies are found on home
PCs because they are installed open by default by software companies.
Users are generally unaware of the security risks they are running.
The expansion of "always on" broadband internet connections
has made life easier for the spammers, who have developed sophisticated
software which scans the internet to find open proxies. Up to
65% of spam is distributed using this method. With anti-spam
companies and internet service providers becoming better at
detecting and closing open proxies, the spammers are being forced
to use viruses to break into computers and open up the proxy
server to allow them to continue to expand their spam output.
"Open proxies are becoming the spammers' lifeline so they
are always looking for more. Now we know how they are going
about it," said Mr Sergeant.
Further research by MessageLabs suggested that the Outblaze
attack was not an isolated incident. The company found that
more than 160,000 computers which had sent out a virus since
January 1 also sent out spam. Last night anti-spam campaigners
called for law enforcement agencies to crack down on anybody
who used viruses to break into computers and distributed junk
mail. Steve Linford, who runs the UK-based Spamhaus Project,
which specialises in blocking unsolicited junk mail by tracing
it back to its source, said: "They are already sending
out about 50m spam emails a day, and now we can see that they
are clearly prepared to go to any lengths to send even more.
This is unambiguously illegal so whoever did this should face
criminal charges."
Unfortunately, it may not be that simple. MessageLabs has so
far been unable to establish the identity of the spammer.
One reason spammers are so fond of hijacking open proxies is
that they make it virtually impossible for the true source of
the junk mail to be traced. There are also political hurdles.
The EU is to introduce laws to curb spamming in October, but
the world's 150 most prolific junk mailers are all based around
one town in Florida, where there are no anti-spamming laws.
"The bad news is that there is no technical solution to
this problem - there are only palliatives that lessen the pain
a little bit," said Richard Clayton, a Cambridge University
computer security expert and trustee of the Foundation for Information
Policy Research, who receives up to 5,000 spam messages every
day. "It is up to the British and other governments to
put pressure on the US and force them to pass proper laws that
will stop these people operating for good."