Slashdot Mirror


Spamming Trojan "Proxy Guzu"

squiggleslash writes "El Reg has the scoop on a trojan that actually turns your machine into a spam sending proxy. Called "Proxy Guzu", the proxy arrives in your mailbox in the usual "Outlook virus" way (ie disguised as something else so you'll run it.) It then sends an email to a Hotmail email account reporting the IP address of the infected machine and port it's running on. The spammer then merely transmits spam to the infected machine which in turn forwards it on. There's a bright side to all this: Spammers are doing this because they're desperate, with fewer and fewer spam friendly havens. And what they're doing is illegal and opens them up for prosecution."

13 of 236 comments (clear)

  1. Uhh by cscx · · Score: 3, Insightful

    Hotmail disables said account. Case closed...?

    1. Re:Uhh by fidget42 · · Score: 4, Insightful

      After the spammer harvests IP addresses of newly opened relays. Case is still open...

      --
      The dogcow says "Moof!"
    2. Re:Uhh by sinergy · · Score: 5, Insightful

      The virus writer would have been smarter to send notices to IRC, or muliple email addresses. Or use broadcasts a la the SQL worm.

      More clever thought behind things like these would make them much more devistating.

      --
      ...
    3. Re:Uhh by dougmc · · Score: 4, Insightful
      If the spammer had two braincells to rub together to figure that one out, would they be in the spam business to begin with?
      Possibly. Spammers do seem to make money, don't they? And there are many intelligent people out there who like money. Smart people do morally wrong things to make money just like dumb people do.

      The way to stop spam is to remove the profit motive. PEOPLE NEED TO STOP BUYING STUFF THAT THEY GET SPAMMED ABOUT! Once they stop, people will stop paying spammers to advertise their wares, and the spammers will then stop spamming.

      Yes, most spammers do seem pretty stupid. But if it makes money, and it's not illegal, many people, even smart people, have no problems with doing it even if it's morally reprehensible.

  2. Virus...? by MrNemesis · · Score: 3, Insightful

    Are there any AV vendors out there with fixes for this yet? I didn't see any in the article.

    --
    Moderation Total: -1 Troll, +3 Goat
  3. Proxies & broken e-mail by greyrax · · Score: 5, Insightful

    Great. First we have the trojan that downloads kiddie porn (has anyone else ever heard of this one?) and now this.

    Let's face it: SMTP is broken and it needs to be fixed. There has to be some way of authenticating senders and attachments to messages?

    I'm not talking about some of the (innovative) kludges that people have come up with for SMTP, I'm talking about a bare-metal rebuild of the entire system. Sure it will be a pain, but when you move to a new place, you have to give your friends the new phone number and address -- giving a new e-mail address (on the new e-mail system) won't be all that bad will it?

    1. Re:Proxies & broken e-mail by 42forty-two42 · · Score: 3, Insightful
      Let's face it: SMTP is broken and it needs to be fixed. There has to be some way of authenticating senders and attachments to messages?

      There is - it's called PGP. SMTP is only intended to transport mail, not to authenticate it. It's the client's job to determine if it should be accepted.
    2. Re:Proxies & broken e-mail by dasunt · · Score: 4, Insightful

      SMTP is broken? Maybe, but lets look at this logic.

      1. An email attachment pretends to be something it isn't, people click on it.
      2. The email attachment opens up a relay, sends email back to an hotmail account.
      3. Spammer uses email account to spam other email accounts.

      Now lets look at this with $SMTP+1 (With spiffy authentication).

      1. An email attachment arrives from a trusted source/new source. People click on it.
      2. The email attachment opens up a backdoor, sends email back to hotmail.
      3. Spammer uses email software on that machine to spam other machines. Since we have email authentication now, the other users either get "from a trusted source" (if they already knew the person) or "from a new source (Key matches Joe Outlook Idiot)".

      Yep, that sure fixed the problem.

  4. No, don't limit the Internet! by fmaxwell · · Score: 4, Insightful

    If you are running a network, it behooves you to filter outgoing port 25.

    Why? So that I can't test to see if the spam I received came from an open relay? So that I am forced to answer confidential e-mail from client A through client Y's SMTP server when I am at client's Y's site?

    I agree that port 25 should be, by default, locked down on residential dial-up accounts (which spammers use as throwaway accounts), but don't lock it down everywhere. It breaks too many things.

    Only allow initial mail submission by authorized and authenticated clients, and only allow such subissions on a port other than 25.

    At the HELO/EHLO, an SMTP server doesn't know if the mail coming into it is "an initial mail submission" or just a message destined for an address served by that user.

    If you set up an SMTP server on a non-standard port, then no one's mail gets there. AOL is not going to talk to your server on port 20025.

    What happens when lots of mail servers are available on non-standard ports? Suddenly your port 25 block does not work any longer. Then the spammers will look for open relays on non-standard ports. You know that there will be a lot of them because there will be the "security through obscurity" crowd who believes that, because their SMTP server is running on port 31172, they can safely leave it open.

    You're headed in the right direction, but leave port 25 alone. My SMTP server is configured to require identification and authentication to send e-mail outside of my domain. All mail servers should be configured that way. This crap of allowing anyone to send e-mail without a username and password is ridiculous.

  5. Untraceable Really ?? by Crashmarik · · Score: 5, Insightful

    Every Spam is selling something. Someone is paying to have it sent out. Don't trace the spammers. Hit the advertisers. Subpoena for who they are paying to send out the stuff, and then go after them criminally.

    The people that actually have their capitol tied up in penis and breast enlargers, sure as heck don't want it seized.

    1. Re:Untraceable Really ?? by isomeme · · Score: 4, Insightful

      I suspect that in many cases there is no real product (or even 'real' company) behind the sleazier spams. The whole thing is a trick to get your money, and probably your CC number for further fun and games. After all, most people will be too embarrassed to complain to the cops that their penis enlargment pills never arrived.

      --
      When all you have is a hammer, everything looks like a skull.
  6. Re:Activists vs. anti-spam crowd by etrnl · · Score: 3, Insightful

    No. The antispam crowd believes that it boils down to consent. It is fine for companies to send me newsletters... only if I have given them the permission to do so. If I have not given them permission, then it's UCE.

    There is a difference between CE and UCE, and only the latter is bad.

    Don't mix Stallman's ideas about commercial interests with the antispam crowd. None of us are as rabid as he is.

    --etrnl

  7. Have your attorney attack indirectly by ArsSineArtificio · · Score: 4, Insightful

    Why don't you have your attorney sue the proprietors of the 'extreme rape' sites, as well as parties unknown who act as their mass-mailing advertisers?

    Then, you can force the site admins to turn over their records during discovery, find out who exactly the spammers are, and go after them directly as well.

    ABW

    --
    All employees must wash hands before seeking equitable relief.