NYT Reports Porn Spam Hijacking Network

twitter writes "This NYT story describes how thousands of PCs have been used as porn spambots and reverse proxy servers, and mentions that they could be used for kiddie porn. Finally, though Microsoft is not mentioned, people might start to understand what a monoculture of poor quality software enables."

Broadband providers are partially at fault

[reimero]

In my experience, end-users who are not tech-savvy have little real understanding of online security practices: they tend to ignore basic things such as updating antivirus dat files because they don't know or don't understand. And from my own experience, I know that broadband providers are more interested in pitching all their cool features than they are in educating users how to be safe. Seriously, how hard would it have been for my ISP to have included a Sygate or ZoneAlarm trial on the install CD they had to send out anyway?
What kills me is that it's in the ISP's best interests to encourage safe computer habits, and they don't really emphasize that.

These things really are problems

[amishgeek]

I deal with Starband (Satellite Internet for those unfamiliar), and Have seen problems with spambots/pornbots like this. People get infected with them, and they start spamming.

Here's the thing though, with StarBand, they have an auto-imposed limit of around 500mb/week upload, and if you go over it, you are automagically shut off for a few days. The problem with this, and I have seen it happen, is that the Spam/Pornbots can infect a Starband Customers computer, and easilly make them go over their weekly 500mb upload limit. Thus causing them to lose their internet connection.

This poses a real problem, not only for the end user (The people I deal with are all in the far reaches of Northern Minnesota where Satellite Internet is the ONLY broadband option) but also for the ISP's. Its viruses/bots like this that make it even more necessary for legislation to fight spam.

The writers of the Bots would be the spammers, not the owners of the infected systems. Just because I borrow your car to deliver the paper, does that mean that in reality, you delivered the paper because it was YOUR car?

-I may not me amish, but I am a geek!-

Re:FUD

[Zocalo]

Unfortunately, it's not FUD. Recently I've been receiving *huge* amounts of spam, vastly more than normal, and decided to take a closer look at what was being filtered out. There are some very obvious patterns in the extra spam:

• It's pretty much all pornographic or for "enhancement" products.
• The content is very similar - it's clearly the same small set of spams run through a hack to "randomise" the sender and basic subject/content details.
• The originating IPs are *all* assigned to Windows boxes where I could sufficiently NMAP them.
• WHOIS records almost always point to home/SOHO networks; I only found one corporate IP block in around 100 IP lookups.
• There are no SMTP smarthosts being used - it's going direct from a Windows box to my SMTP gateways. Outlook *cannot* do this, so it's coming from malware with a dedicated SMTP engine.
• I've also been seeing a huge increase in the amount of macro viruses inbound - just a guess, but it's probably the bot trying to propogate itself.

Couple this with the 500Mb/s DDoS attack on SpamCop over the last few days and the picture is fairly clear. Someone is thumbing their nose at the US/EU attempts to legislate against spam and sending a message loud and clear. If the antispam community cannot find and nail the person or persons responsible for this, then the eventual legislation is going to have no effect what-so-ever.

So. We have 500Mb/s+ of bandwidth being used in a DDoS, anyone's guess going on the actual spam, kids undoubtably seeing hardcore porn and computers being deliberately compromised and abused. Tell me again that spammers have a right to free speech and it's a victimless crime that doesn't cost anyone anything? They have a right to be force fed Hormel products until they explode like the Glutton in Seven if you ask me.