Spamming using Zombie Nets

Spamming using Zombie Nets 2004-08-03

Posted by clype in Gizmo.
trackback

There is a good chance that your home computer has been 'hijacked' by 'Spammers' if you have one of the Broadband net links, especially when not using a 'firewall' or 'anti-virus' software to protect your PC.

Even if you use 'anti-virus' software but do not keep it up to date, there is every possibility that you are helping to keep 'Spam' alive and spreading.

You could also be helping 'Spammers' if you are one of those people that open up 'attachments' on e-mail messages that turn out to contain 'viruses', rather than the pictures you were promised in a subject line.

'Spammers' are actively seeking out and 'hijacking' home PCs to act as remotely controlled 'relays', or 'Zombies', that pass on their unwanted messages.

'Viruses' such as 'MSBlaster', 'Agobot', 'MyDoom' and 'Sobig' were all written with the aim of converting home PCs to the 'Spammers'' cause. And they have succeeded in huge numbers.

So much so that law enforcement agencies report that 'Zombie' nets can now be hired by the hour to pass on 'Spam' or other unwanted messages.

Huge army.

Technology firm 'Sandvine' estimates that 1 per cent of all the active hosts on the net could be compromised. That means potentially millions of computers waiting to act on the instructions of their 'Spam'-sending 'masters'.

'85 per cent of e-mail leaving "Broadband" residential networks is likely to be "spam"', said Mr.Tom Donnelly, founder of 'Sandvine'.

He reached this estimate by analysing traffic from customers for the tell-tale signs of 'Spam' sent by 'infected' machines.

It is easy to check the scale of infection on many 'Broadband' networks thanks to sites such as 'SenderBase'.

This site shows the number of messages flowing through particular net addresses.

Type in the name of almost any 'Broadband' net service firm and you will find that many of the PCs used by subscribers are sending out as many, and sometimes more, messages as that company's designated e-mail servers.

Given that many 'Broadband' net firms have millions of customers that adds up to a lot of 'Spam'.

Net firms are keen to stamp out the problem because of the bandwidth costs they incur passing on huge amounts of traffic and because net addresses used for 'Spam' are typically blocked by everyone else in the Internet world. 'SenderBase' measures e-mail output by magnitude, just like earthquakes, and a search for the names of British high-speed net firms shows that many addresses are spewing out as many as a million messages per day.

Network trouble.

'It's a big problem', said Mr.Mike Galvin, head of Internet operations at 'BT'.

'"Spammers" do this because if they used their own machine they would be banned from the net'.

'BT' contacts customers directly when it discovers that their PC has been 'compromised' and offers advice about how to 'clean up' their computer and stop it happening again.

'A lot of people genuinely do not know it could happen to them', said Mr.Galvin.

A spokesman for 'NTL' said that it had seen an increase in attempts to create 'Zombie' computers over the last few months.

It said it regularly contacts customers to help them 'sort out' their PC and stop it being used by the 'Spammers'. A spokesman for 'Telewest' said that currently it was tackling between 8 and 10 cases/week of compromised computers.

'We're cracking down quite heavily on open relays and have been for a few months now', she said.

They too talk subscribers through 'cleaning up' a PC, installing 'anti-virus' software and setting up a' firewall'.

'We have gone through "early adopters".

'Now we're getting into the people who maybe do not completely understand that there are a few security implications when using "Broadband"', she said.

'Sandvine's' Mr.Donnelly agreed saying that late adopters of 'Broadband' do not see what they are getting as a 'technology'. Instead, he said, they see it as a 'utility' that they simply 'plug in and use' — unfortunately without care they could find themselves helping the 'Spammers', he said.