Spammers Hijack ISPs To Send Bogus Campaign Ads

[InfoSec News <isn () C4I ORG>]

http://www.newsbytes.com/pubNews/00/156676.html

By Brian Krebs, Newsbytes
WASHINGTON, DC, U.S.A.,
13 Oct 2000, 4:32 PM CST

Palo Alto, Calif. based e-mail marketer ClickAction Inc. today said it
was working with the FBI and several Internet service providers to
determine the source of a series of "spam" attacks, wherein millions
of bogus political campaign e-mail messages were sent via hijacked
third party servers.

ClickAction said the unsolicited e-mail campaigns appear to have
started on Monday and have continued through today. The company said
the messages, sent via numerous third-party ISP servers, include
references to a ClickAction hosted Web site. The permission-based
e-mail marketer said the messages were not in any way authorized or
sent by ClickAction.

ClickAction Senior Product Manager Dan Flanegan would not confirm the
nature of the spammed messages, but would only say there were related
to a political campaign that had contracted with the company.

"Obviously messages that are political in nature are much more likely
to fall into the hands of someone who would do something like this,"
he said. "The messages weren't defaming. It was more that some of the
content was copied and altered to a certain degree from the original
e-mail message."

A search on http://www.dejanews.com turned up several rantings from
irate Web users complaining of the spam campaign, which apparently
involved a GOP candidate.

Flanegan said he had no idea why someone would perpetrate such a hoax.

"You could probably come up with a million reasons why. Maybe they
wanted to brand us or our client as a spammer, I don't know," he said.

Eric Fagan, a network administrator for Cox Communications, one of the
ISPs unwittingly used in the attacks, said he noticed the first signs
of the spam campaign on Monday.

"It is clearly the work of a motivated professional," he said. "The
perpetrators have been mapping our network to determine which of our
customers' email servers they could utilize."

A spokesperson for the FBI's San Francisco field office confirmed the
bureau's investigation, but declined to offer further comment.

The investigation comes at a time when both Democrats and Republicans
are taking heat for getting out their message through unsolicited
e-mail campaigns. Both parties are using a different twist on the
"viral marketing" ploy to encourage voters to forward political e-mail
messages to as many friends as possible.

"It seems every time the election season comes around political
candidates get stupid when it comes to e-mail," said John Mozena,
co-founder and vice president of the Coalition Against Unsolicited
Commercial E-Mail (CAUCE). "It really is just bipartisan stupidity,
because it doesn't seem to be limited to any one party or level."

Mozena said this campaign is no different than two years ago, when a
raft of major party gubernatorial candidates, and even candidates for
local judgeships, were spamming any e-mail address they could find to
drum up votes.

"It's too bad, because this kind of things really shows a lack of
understanding of how Internet works and what people using the Internet
are accustomed to," Mozena said. "Let's face it: If a candidate is
dumb enough to spam, they're probably not smart enough to get
elected."

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".