Archive for Monday, February 16, 2004

Spammers take advantage of home PCs

Poorly-guarded computers help relay unwanted messages

February 16, 2004


Next time you're looking for a culprit for all that junk mail flooding your inbox, have a glance in the mirror.

Spammers are increasingly exploiting home computers with high-speed Internet connections into which they've cleverly burrowed.

E-mail security companies estimate that between one-third and two-thirds of unwanted messages are relayed unwittingly by PC owners who set up software incorrectly or fail to secure their machines.

David Lawrence, 43, owns such a computer, which turned into a "spam zombie" when a virus infected it in October. Five or six spammers were using his cable modem to remotely send pitches for products like Viagra and boosters for cell phone signals.

"Spammers and the people who write these viruses ... is their life so void that they feel they have to mess up other people?" Lawrence said. "To me, it's criminal."

The self-employed businessman from Tifton, Ga., said he first learned of his computer's culpability when his Internet service got suspended. "I called to find out what was going on because I knew I had the bill paid," he said.

Lawrence is by no means alone.

Hundreds of thousands of computers worldwide have been infected by SoBig and other viruses that are programmed to spawn gateways, known technically as proxies, to relay spam. Though Lawrence had anti-virus software, he hadn't kept it updated.

It's ironic to Lawrence Baldwin, president of the security Web site, that those afflicted by spam also are often its couriers.

"That's further encouragement, justification for taking responsibility for your own system," Baldwin said. "If you don't, you can be part of the very problem you're complaining about."

Any Internet-connected computer could be running a proxy spam relay, but most of the malicious programs are written specifically for PCs that run Windows.

In the past, some spammers had sought out and exploited Internet-connected computers with misconfigured networking software. The latest and growing threat is code purposely written to create spam relay proxies as it is spread by malicious viruses.

David Lawrence shows SpyBot, a program he uses to search for and delete spam on his computer in Tifton, Ga. Lawrence's computer was turned into a "spam zombie" when a virus infected it in October.

"It's just going to get worse," said Ken Schneider, chief technology officer at spam-filtering company Brightmail Inc.

"Traditionally, virus writers were driven more by reputation and trying to impress each other. Now there's an economic motive."

Just last week, a proxy program called Mitglieder began installing itself on computers infected by last month's Mydoom outbreak, said Mikko Hypponen, manager of anti-virus research at F-Secure Corp. in Finland. He said such programs also can sneak in if computer owners fail to install patches to fix known flaws.

The shift in spamming methods even prompted the Federal Trade Commission to issue a consumer alert last month. The advisory encouraged consumers to use anti-virus and firewall programs and to check "sent mail" folders for suspicious messages.

Others say home users also should keep their Windows operating systems up to date by visiting

"If your computer has been taken over by a spammer, you could face serious problems," the FTC advisory said. "Your Internet Service Provider (ISP) may prevent you from sending any e-mail at all until the virus is treated, and treatment could be a complicated, time-consuming process."

In the early days, spammers sent out junk messages directly from their machines. ISPs easily found them and closed their accounts.

Spammers then looked for so-called open relays.

These are typically mail servers at ISPs, often in Asia or South America, carelessly configured so that anyone on the Internet can send mail through them without needing a password. The relays make messages appear to have come from an ISP, not the spammer.

But ISPs and anti-spam activists soon identified many of the open-relay machines and either pressured their owners to stop or blocked messages from them.

Stymied by a more concerted effort by ISPs to lock down their Internet mail servers, the spammers turned to the less protected home machines.

They are abundant and simple to find. Spammers can cover their tracks and become virtually untraceable.

"It pains me to say it, but it's very clever of the spammer to have thought of this, getting legitimate PCs to send spam on their behalf," said Andrew Lochart, director of product marketing at e-mail security company Postini Inc.

Steve Atkins, chief technology officer at the anti-spam consultancy Word to the Wise LLC, said some ISPs continue to be plagued by open-relay techniques, but spammers generally don't bother with them anymore because it's so much easier to have success with home machines.

Where much of the spam previously flowed through China, South Korea, Brazil and other countries whose ISPs left many relays open, it's now being hastened by a North American trend: more high-speed cable and DSL connections at home.
