Posted on 28-4-2003
Rise Of The Spam Zombies
By Kevin Poulsen, SecurityFocus,
27/04/2003 at 09:56 GMT
Pressed by increasingly effective anti-spam efforts, senders
of unsolicited commercial e-mail are resorting to outright criminality
in their efforts to conceal the source of their ill-sent missives,
using Trojan horses to turn the computers of innocent netizens
into secret spam zombies.
"This is the newest delivery mechanism," says Margie
Arbon, director of operations of anti-spam group MAPS. "I've
been looking for it for a year, and in the last couple of months
people have actually found Trojans that are doing it... They're
carrying their own SMTP engines. Failing that, they install
open proxy software."
One of those programs popped up last week. Named "Proxy-Guzu,"
the Trojan, when executed by an unwitting user, listens on a randomly chosen
port and uses its own built-in mail client to dash off a message
to a Hotmail account, putting the port number and victim's IP
address in the subject line. The spammer takes it from there,
routing as much e-mail as he or she likes through the captured
computer, knowing that any efforts to trace the source of the
spam will end at the victim's Internet address.
Trojan horses generally rely on their wielder's ability to trick
innocent people into executing them. Proxy-Guzu, naturally,
arrives as spam -- in one sighting the program was offered as
a naughty peek at an online webcam.
One early victim of the malware, posting to an anti-virus message
board, says he detected it only when his desktop firewall program
alerted him to large quantities of outgoing e-mail messages
sent to unfamiliar addresses, with subject lines like "Don't
tell your parents about this!" and "your bill."
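
The victim's account above points to a simple network-side check: flag hosts that open many direct SMTP connections to many different destinations even though they are not mail servers. The following is an added example, not part of the original article; the log format, addresses, mail-server list and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of outbound TCP connections seen at a firewall,
# one per line: "<time> <src_ip> <dst_ip> <dst_port>" (assumed format).
SAMPLE_LOG = """\
09:56:01 10.0.0.5 198.51.100.7 25
09:56:02 10.0.0.23 203.0.113.11 25
09:56:02 10.0.0.23 203.0.113.42 25
09:56:03 10.0.0.31 198.51.100.80 443
09:56:03 10.0.0.23 198.51.100.19 25
09:56:04 10.0.0.23 203.0.113.11 25
09:56:04 10.0.0.31 198.51.100.7 25
09:56:05 10.0.0.23 192.0.2.77 25
09:56:05 10.0.0.5 203.0.113.42 25
09:56:06 10.0.0.23 192.0.2.130 25
truncated line
""".splitlines()

# Hosts that are expected to deliver mail directly (assumption for the sample).
MAIL_SERVERS = {"10.0.0.5"}


def find_direct_smtp_senders(lines, mail_servers, min_conns=5, min_dests=4):
    """Return {src_ip: (connections, distinct_destinations)} for hosts that
    are not known mail servers yet talk SMTP (port 25) to many destinations."""
    conns = defaultdict(int)
    dests = defaultdict(set)
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue  # skip malformed or truncated records
        _, src, dst, port = parts
        if int(port) != 25 or src in mail_servers:
            continue  # only direct SMTP from hosts that should not send mail
        conns[src] += 1
        dests[src].add(dst)
    return {
        src: (conns[src], len(dests[src]))
        for src in conns
        if conns[src] >= min_conns and len(dests[src]) >= min_dests
    }


if __name__ == "__main__":
    for host, (n, d) in find_direct_smtp_senders(SAMPLE_LOG, MAIL_SERVERS).items():
        print(f"{host}: {n} SMTP connections to {d} distinct destinations")
```
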
'Untraceable'
Spammers are borrowing the trick from the method electronic
vandals use to create computer armies capable of launching distributed
denial of service (DDoS) attacks against webservers. What may
have been the first Trojan horse custom-tailored for spammers
emerged last November: called "Jeem," it grants the
perpetrator full access to a victim computer, but also includes
a built-in SMTP server to facilitate e-mail laundering.
Arbon says the spam world's plunge into adolescent hacking techniques
is a result of spammers enjoying fewer and fewer online havens
from which to operate. "With the filters and the lists
and heuristics and all the mechanisms out there people are using,
I think the people that are trying to find a way to get the
mail delivered are resorting to alternative tactics," she
says. "It's untraceable. I hate to put that in print, but
it's the truth."
Of course, it also puts the spammers squarely on the wrong side
of the law. "As a general rule it's legal to send someone
an e-mail even if they don't want it," says Mark Rasch,
a former Justice Department computer crime attorney. "But
once you break into their computer and get their computer to
send e-mail to someone else, then you're violating federal and
state computer crime laws."