Hackers hijack computers remotely in new surge of spam

[InfoSec News <isn () c4i org>]

http://www.thestate.com/mld/thestate/business/technology/5902697.htm

By Saul Hansell
New York Times
May 20, 2003

The Flint Hills School, a prep academy in Oakton, Va., might seem an
unlikely place to find an Internet spammer. But late last year,
technicians at America Online were able to trace the origin of a new
torrent of spam, or unsolicited e-mail advertisements, to the school's
computer network.

On further investigation, though, AOL determined that the spammers
were not enterprising students or moonlighting teachers. Instead, a
spam-flinging hacker -- who still has not been found -- had exploited
a software vulnerability to use the school's computers to relay spam
while hiding the e-mail's true origins.

It was not an isolated incident. As spam has proliferated -- and with
it the attempts by big Internet providers to block messages sent from
the addresses of known spammers -- many mass e-mailers have become
more clever in avoiding the blockades by aggressively bouncing
messages off the computers of unaware third parties.

In the past two years, more than 200,000 computers worldwide have been
hijacked without the owner's knowledge and are currently being used to
forward spam, according to AOL and other Internet service providers.  
And each day thousands of additional PCs are compromised at companies,
institutions and -- most commonly of all -- homes with high-speed
Internet connections shared by two or more computers.

Mostly, the spammers are exploiting security holes in existing
software, but increasingly they are covertly installing e-mail
forwarding software, much like a computer virus.

``This is not about a hacker trying to show off, or give you a hard
time,'' said William Hancock, the chief security officer for Cable &
Wireless, the British telecommunications company. ``This is about
money. As long as there are people who want spam to go out, this is
not going to go away.''

Spam fighters say that some software is too easy to exploit and should
be fixed. Moreover, computer users can take technical precautions to
safeguard their machines. But not everyone will bother to take those
steps, even if they discover they have been dragooned into the
spammers' global army.

Most users do not see much effect when their computer has been
co-opted. Surfing the Web from the victimized computer may be slower
than usual, but that is not always easy to detect.

The only way most users even become aware of such hijackings is when
they receive telephone calls or e-mail from their Internet service
providers saying a piece of spam was traced back to their machines.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.