Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spammers Using Hacked Machines as Decoys

Posted by michael on from the there's-gotta-be-a-law dept.

avi33 writes "This Wired story shows a disturbing alliance between hackers [sic] and spammers. Interestingly, they blame part of the alliance on market forces, leading some skilled engineers to the dark side for profit's sake. A Polish firm claims to have control of 450,000 Trojaned systems that it uses to mask the IP addresses of its hosted sites. In other words, you could host your Viagra-peddling site with a company that has a stringent no-spam policy, but a DNS lookup will point to a home user's compromised machine. Not quite bulletproof, but certainly ups the ante in the spam war."

6 of 413 comments (clear)

  1. Firewall by JohnGrahamCumming · · Score: 3, Interesting

    Of course if broadband ISPs were to implementing a simple inbound firewall
    for every user then they'd eliminate most of these problems overnight:
    trojaned machines would be unreachable, worms like CodeRed that scan for
    vulnerabilities would be halted.

    The few users of broadband who actually need to run an Internet visible
    server would then have to contact their ISP for a port to be opened, but
    that seems like a small price to pay for cutting off 1000s of machines that
    have been hacked.

    Naturally, this would cause file steal^H^H^H^Hharing applications to stop
    working.

    John.

    1. Re:Firewall by 4of12 · · Score: 3, Interesting

      not always that easy to find the real "root of the evil"

      I have to smile when I think of how true that is. All of the onus of responsibility for computer viri and worms these days is conveniently placed on the writer and dispatcher of the virus or worm. And, yes, they should be held responsible for their primary role.

      Fewer people take the time to think that such viri and worms would be fewer and farther between if the underlying OS were designed and implemented better.

      Fewer still concede that they have some personal responsibility to apply patches and updates in a timely manner, or that they have to take the time to understand how to harden their systems.

      But it's a whole lot more convenient and comfortable to place blame onto the "hacker" than to think that we all have a hand in the creating environment where exploits flourish. Despite how comfortable we feel about placing blame in a simple-minded way, it doesn't seem to have been an effective framework for a policy for improving the situation. At least, not if the past 5 years are any guide, it hasn't.

      It's consistent, though. Along with an incorrect view of the problem will come an incorrect solution. TCPA will be foisted upon us in the name of curing "The" problem of "hackers", just as the "Patriot" Act has cured us of the problem of "terrorists."

      --
      "Provided by the management for your protection."
  2. nailing the bastards by tarzan353 · · Score: 2, Interesting
    It's not that hard to take down a spammer who causes you problems beyond just sending you unwanted email... I had one friend who had a spammer run a couple hundred thousand emails thru his system (a bug had made it into an open relay). It took one stern call to the ISP hosting the advertised websites to get his hosting and DNS cut off at the knees.

    This is more than just sending off a single email to a scantly watched abuse email.. This means getting hold of a real person and explaining, realistisay, what sort of legal liabilities they might be open to if they continue to support the spammer's actions. (Hacking laws, aiding and abetting, Trademark infringement and vicarious liability) often fit in there.

    If more people would do this, life would get a lot harder for spammers.

  3. Easier solution by Anonymous Coward · · Score: 1, Interesting

    Link this to Al-queada somehow.. The US will get Poland to deport these guys..Problem solved...

  4. Re:Guess Who's To Blame by Anonymous Coward · · Score: 2, Interesting

    By including the pamphlet in the box, Gateway is then possibly opened to suits because of the hard link between Gateway and updating AV software.

    Also, it can become a support nightmare, as Gateway like most vendors don't support 3rd party software for free.

    Even then, troubleshooting or offering any advice to a customer becomes very subjective, and by offering advice on certain products that are not shipped with their systems, Gateway further opens its doors to possible legal action.

    I remember once at Gateway about 10 years ago when there was pressure comming down because a customer had a virus on a driver disk. Even though it was obvious that the disk was infected by the persons machine, many internal changes were implemented to protect the company from litigation. Believe me, the last thing that they would want is another repeat of MOD001AAUS.

  5. It's only a matter of time... by Have+Blue · · Score: 3, Interesting

    ...Before computer use (at least on the Internet) requires a license. I realize that has some very large drawbacks, but at the rate we're going one day the benefits really will outweigh the drawbacks. Do we have to wait until network traffic is 90% spam and viruses? 99%? 100%? A computer can do more damage to the network than a car can do to a highway, and we license driving. Maybe we'll wait until poor network performance starts to kill people by interfering with hospitals and emergency services.