Posted on 16-6-2003

Pornographers Hijack Home Computers
by Stuart Millar, Friday June 13, 2003, The Guardian

British experts have found the first hard evidence that hundreds of thousands of computers were deliberately infected with viruses by spammers who used the machines to distribute pornography and junk mail.

The Gloucester-based computer security firm MessageLabs established that a virus which was sent to up to 1 million computer users over two days last week was the work of a spammer trying to gain access to machines to distribute ads for websites carrying incest pornography. Internet security experts and anti-spam campaigners have suspected for some time that spammers would use viruses to access computers, but the MessageLabs investigation is the first conclusive proof. Matt Sergeant, the company's senior anti-spam technologist, told the Guardian: "This is a massive discovery. It completely undermines the spammers' claim that they are legitimate marketers and shows that they are nasty insidious hijackers who drive me and the vast majority of computer users nuts."

The spammer who sent the virus put spoof email addresses in the "from" line, using domains owned by the Hong Kong-based webmail company Outblaze, which has about 30 million customers worldwide and owns domains such as email.com and usa.com. Suresh Ramasubramanian, Outblaze's postmaster, said: "This is a very disturbing trend. For our customers it is doubly infuriating because not only are they receiving the most disgusting spam they are also discovering that their computers are being hijacked illegally to send the stuff out."

The discovery came amid dire predictions about the future of email if spam is allowed to proliferate at the current rate. Last month it accounted for almost 50% of all emails sent, according to anti-spam company Brightmail, clogging up millions of inboxes with unsolicited adverts for penis enlargement potions, lottery games, cheap mortgages and extreme - and often illegal - pornography. Although most people deleted the emails instantly, a response rate of as low as one in 100,000 is enough for the spammers to make a profit. As consumer confidence in the email system is eroded by spam, there is also growing concern about the indiscriminate nature of the material. A survey this week by computer security firm Symantec found that 80% of under-18s received "inappropriate email" every day.

But it is the new evidence that the spammers have strayed into the highly illegal world of computer hacking that is likely to provoke most fury.

The "trojan virus" involved attempted to exploit a vulnerability on Windows PCs known as an open proxy. Proxy servers are designed to allow the machine to link to the internet through a local network, but if left open they allow a back door into the computer for hackers. A substantial number of open proxies are found on home PCs because they are installed open by default by software companies. Users are generally unaware of the security risks they are running.

The expansion of "always on" broadband internet connections has made life easier for the spammers, who have developed sophisticated software which scans the internet to find open proxies. Up to 65% of spam is distributed using this method. With anti-spam companies and internet service providers becoming better at detecting and closing open proxies, the spammers are being forced to use viruses to break into computers and open up the proxy server to allow them to continue to expand their spam output. "Open proxies are becoming the spammers' lifeline so they are always looking for more. Now we know how they are going about it," said Mr Sergeant.

Further research by MessageLabs suggested that the Outblaze attack was not an isolated incident. The company found that more than 160,000 computers which had sent out a virus since January 1 also sent out spam. Last night anti-spam campaigners called for law enforcement agencies to crack down on anybody who used viruses to break into computers and distributed junk mail. Steve Linford, who runs the UK-based Spamhaus Project, which specialises in blocking unsolicited junk mail by tracing it back to its source, said: "They are already sending out about 50m spam emails a day, and now we can see that they are clearly prepared to go to any lengths to send even more. This is unambiguously illegal so whoever did this should face criminal charges."

Unfortunately, it may not be that simple. MessageLabs has so far been unable to establish the identity of the spammer.

One reason spammers are so fond of hijacking open proxies is that they make it virtually impossible for the true source of the junk mail to be traced. There are also political hurdles. The EU is to introduce laws to curb spamming in October, but the world's 150 most prolific junk mailers are all based around one town in Florida, where there are no anti-spamming laws. "The bad news is that there is no technical solution to this problem - there are only palliatives that lessen the pain a little bit," said Richard Clayton, a Cambridge University computer security expert and trustee of the Foundation for Information Policy Research, who receives up to 5,000 spam messages every day. "It is up to the British and other governments to put pressure on the US and force them to pass proper laws that will stop these people operating for good."