Someone could be turning your PC into spam machine
Poorly guarded home computers can become "zombies" that spew commercial
messages.
By Anick Jesdanun, Associated Press, 2/19/04
Next time you're looking for a culprit for all that junk mail flooding
your inbox, have a glance in the mirror. Spammers are increasingly
exploiting home computers with high-speed Internet connections into which
they've cleverly burrowed. E-mail security companies estimate that
one-third to two-thirds of unwanted messages are relayed unwittingly by PC
owners who set up software incorrectly or fail to secure their machines.
David Lawrence, 43, owns such a computer, which turned into a "spam
zombie" when a virus infected it in October. Five or six spammers were
using his cable modem to remotely send pitches for products like Viagra.
"Spammers and the people who write these viruses... is their life so void
that they feel they have to mess up other people?" Lawrence asked. "To me,
it's criminal." The self-employed businessman from Tifton, Ga., said he
learned of his computer's culpability when his Internet service got
suspended. "I called to find out what was going on, because I knew I had
the bill paid," he said.
Hundreds of thousands of computers worldwide have been infected by "SoBig"
and other viruses that are programmed to spawn gateways, known technically
as proxies, to relay spam. Though Lawrence had antivirus software, he had
not kept it updated.
Any Internet-connected computer could be running a proxy spam relay, but
most of the malicious programs are written specifically for PCs that run
Windows.
In the past, some spammers sought out and exploited Internet-connected
computers with misconfigured networking software. The latest and growing
threat is code purposely written to create spam-relay proxies as it is
spread by malicious viruses.
"It's just going to get worse," said Ken Schneider, chief technology
officer at spam-filtering company Brightmail Inc. "Traditionally, virus
writers were driven more by reputation and trying to impress each other.
Now there's an economic motive."
Just last week, a proxy program called Mitglieder began installing itself
on computers infected by last month's "MyDoom" outbreak, said Mikko
Hypponen, manager of antivirus research at F-Secure Corp. in Finland. He
said such programs could also sneak in if computer owners failed to
install patches to fix known Windows flaws. The shift in spamming methods
even prompted the Federal Trade Commission to issue a consumer alert last
month. The advisory encouraged consumers to use antivirus and firewall
programs and to check "sent mail" folders for suspicious messages.
Others say home users should also keep their Windows operating systems up
to date by visiting http://windowsupdate.microsoft.com.
"If your computer has been taken over by a spammer, you could face serious
problems," the FTC advisory wrote. "Your Internet Service Provider [ISP]
may prevent you from sending any e-mail at all until the virus is treated,
and treatment could be a complicated, time-consuming process."
In the early days of spam, spammers sent out junk messages directly from
their machines. ISPs easily found them and closed their accounts. Spammers
then looked for so-called open relays. These are typically mail servers at
ISPs, often in Asia or South America, carelessly configured so that anyone
on the Internet can send mail through them without needing a password. The
relays make messages appear to have come from an ISP, not the spammer. But
ISPs and anti-spam activists soon identified many of the open-relay
machines and either pressured their owners to stop or blocked messages
from them. Stymied by a more concerted effort by ISPs to lock down their
Internet mail servers, the spammers turned to the less vigorously
protected home machines.
Where much of the spam previously flowed through China, South Korea,
Brazil, and other countries whose ISPs left many relays open, it's now
being hastened by a North American trend: more high-speed cable and DSL
connections at home. Such proxies are especially frustrating for ISPs to
identify and block, said Mary Youngblood, abuse team manager at EarthLink
Inc., a large, national ISP. She said some stay open only for a few hours
and disappear by the time ISPs catch on, while newer ones reconfigure
themselves constantly like chameleons on a single machine. The more
versatile the open proxy, the longer it takes to isolate.
John Levine, coauthor of Fighting Spam for Dummies, said the proliferation
of proxies could force ISPs to take such measures as limiting how many
messages a customer can send in a given time period. In the meantime, ISPs
are often being forced to cut off their own customers. "As a customer, to
have someone just arbitrarily shut me off, that would more than mildly
displease me," said Walt Wyndroski, network operations manager for CityNet,
which had shut down Lawrence. "We try to think from the customer's
standpoint, but we also have to look at the larger view of the health of
the network itself."