Hackers May Profit From Spam

[InfoSec News <isn () c4i org>]

http://www.zdnet.com/intweek/stories/news/0,4164,2781893,00.html

By Max Smetannikov, 
Interactive Week
July 2, 2001 1:20 PM ET 

Several small Internet service providers have been shocked to see some
of their most unlikely users turn into spammers. But it turns out the
users are unwitting tools of a new virus that experts say is the first
case they've seen of hackers finding a way to commercially exploit
their skills.

The scheme - seemingly spread across desktops in the form of a virus -
was tested by hackers throughout June, apparently to explore the
possibility of infecting home machines with software that would
generate unsolicited bulk e-mail without the knowledge of the
machines' owners.

"I believe it was a dry run," said Michael Reaves, systems
administrator at Adimpleo/FirstNetSecurity.com. Reaves' organization
registered the first case of a "spamming trojan" on June 14, in the
San Francisco Bay area, on Excite@Home's network. He believes a
commercial version will soon be launched.

The virus was designed with a simple succession of points and clicks,
using a widely available worm-writing tool such as The Visual Basic
Worm Generator, experts believe. The virus carries a trojan - a piece
of hacker software that installs itself on users' machines after an
e-mail attachment is downloaded.

The trojan - nicknamed the spamming trojan for its function - then
generates spam e-mails from users' accounts, using their names and
targeting the people to whom they send e-mail. Got an e-mail from your
grandmom advertising the services of an adult Web site? Don't get mad
- her computer's been infected by the spamming trojan virus.

It's the unlikely nature of the users who turned into spammers
overnight that caught network administrators' attention in the first
place.

"I got an abuse report from somebody in Florida and was very
surprised, because we run a very clear network and got just three
abuse reports in three years," said Don Lashier, owner of Newport
Internet in Oregon. "I checked into it, and the spammer was this
middle-age woman we know well." Newport Internet has only 1,000 users,
and Lashier knows many personally.

Further investigation revealed the user was unwittingly generating
spam, seemingly advertising services on an adult Web site - with one
caveat: The ad had no HyperText Transfer Protocol links, leading
Lashier to believe a spamming trojan was being tested.

While individual users generate very little spam - three or four
messages per day - Reaves believes the problem is amplified by the
proliferation of distributed, remote systems management tools, which
have been used in the past to launch denial-of-service attacks. This
time, hackers could use the same topology to generate massive volumes
of spam.

"Hackers now can make money," Reaves said.

Jupiter Research estimates the volume of opt-in e-mail will reach 268
billion messages by 2005, generating revenue of $7.3 billion. Security
experts say some of this cash is bound to end up in spammers' pockets.

The spamming trojan could be prevented by users installing filters to
block spam and viruses or by ISPs taking measures to curb spam and
increase security.




ISN is hosted by SecurityFocus.com
---
To unsubscribe email isn-unsubscribe () SecurityFocus com.