Rise of the spam zombies

Monday, 28 April 2003, 3:00 AM EST

Pressed by increasingly effective anti-spam efforts, senders of unsolicited commercial e-mail are resorting to outright criminality in their efforts to conceal the source of their ill-sent missives, using Trojan horses to turn the computers of innocent netizens into secret spam zombies.

"This is the newest delivery mechanism," says Margie Arbon, director of operations of anti-spam group MAPS. "I've been looking for it for a year, and in the last couple of months people have actually found Trojans that are doing it... They're carrying their own SMTP engines. Failing that, they install open proxy software."

One of those programs popped up last week. Named "Proxy-Guzu," when executed by an unwitting user the Trojan listens on a randomly-chosen port and uses its own built-in mail client to dash off a message to a Hotmail account, putting the port number and victim's IP address in the subject line. The spammer takes it from there, routing as much e-mail as he or she likes through the captured computer, knowing that any efforts to trace the source of the spam will end at the victim's Internet address.

Trojan horses generally rely on their wielder's ability to trick innocent people into executing them. Proxy-Guzu, naturally, arrives as spam -- in one sighting the program was offered as a naughty peek at an online webcam.

[ Read more ]


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th