You've got spam (very likely from a hijacked computer)

Wednesday, 21 May 2003, 11:29 AM EST

The Flint Hill School, a preparatory academy in Oakton, Virginia, might seem an unlikely place to find an Internet spammer. But late last year, America Online traced a new torrent of spam, or unsolicited e-mail ads, to the school's computer network.

On further investigation, AOL, the Internet division of AOL Time Warner Inc., determined that the spammers were not linked to the school. Instead, a spam-flinging hacker, who still has not been found, had exploited a software vulnerability to use Flint Hill's computers to relay spam while hiding the e-mail's true origins. It was not an isolated case. The remote hijacking of the Flint Hill computer system was but one example among hundreds of thousands of a technique that has become the most common way of sending billions of junk e-mail messages through the global Internet each day.

As spam has proliferated - and with it efforts by big Internet providers to block messages sent from the addresses of known spammers - many mass e-mailers have become more clever in avoiding the blockades by aggressively bouncing messages off the computers of unaware third parties. In the past two years, more than 200,000 computers worldwide have been hijacked without the owners' knowledge and are being used to forward spam, according to AOL and other Internet service providers. Each day, thousands more PCs are compromised at companies, institutions and - most commonly of all - homes with high-speed Internet connections shared by two or more computers. "The spammers have mutated their techniques," said Ronald Guilmette, a computer consultant in Roseville, California, who has developed a list of computers that have been forwarding spam. "Today, if you are trying to do a really mass spamming, it is de rigueur to do it in an underhanded manner."
