You've got spam (very likely from a hijacked computer)

Wednesday, 21 May 2003, 11:29 AM EST

The Flint Hill School, a preparatory academy in Oakton, Virginia, might seem an unlikely place to find an Internet spammer. But late last year, America Online traced a new torrent of spam, or unsolicited e-mail ads, to the school's computer network.

On further investigation, AOL, the Internet division of AOL Time Warner Inc., determined that the spammers were not linked to the school. Instead, a spam-flinging hacker, who still has not been found, had exploited a software vulnerability to use Flint Hill's computers to relay spam while hiding the e-mail's true origins. It was not an isolated case. The remote hijacking of the Flint Hill computer system was but one example among hundreds of thousands of a technique that has become the most common way of sending billions of junk e-mail messages through the global Internet each day.

As spam has proliferated - and with it efforts by big Internet providers to block messages sent from the addresses of known spammers - many mass e-mailers have become more clever in avoiding the blockades by aggressively bouncing messages off the computers of unaware third parties. In the past two years, more than 200,000 computers worldwide have been hijacked without the owners' knowledge and are being used to forward spam, according to AOL and other Internet service providers. Each day, thousands more PCs are compromised at companies, institutions and - most commonly of all - homes with high-speed Internet connections shared by two or more computers. "The spammers have mutated their techniques," said Ronald Guilmette, a computer consultant in Roseville, California, who has developed a list of computers that have been forwarding spam. "Today, if you are trying to do a really mass spamming, it is de rigueur to do it in an underhanded manner."

[ Read more ]

Related items




Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //