Topic started on 3-12-2003 @ 06:26 PM by SkepticOverlord
This isn't board related, but it's an important enough topic that I'm putting it here to make sure it appears on both ATS and BTS.
Most of you know my spam fight, or are at least aware of my anti-spam efforts with the abovetopsecret.com e-mail service. Well, I've been slowly
noticing a disturbing trend that has been rumored in the industry... you could be sending most of the spam on the Internet.
I'll be presenting my findings to an advertising industry trade group panel in about two weeks here in NYC. I serve on an interactive industry
ethics committee.
After filtering out most of the really abusive spam-sending networks, fully two-thirds of all the spam hitting my test accounts is being sent from
home computers on broadband cable modem or DSL connections. This activity has increased dramatically since the last SOBIG virus attack in August, and
is exponentially increasing on a weekly basis. According to my calculations, 80% of the e-mail hitting our server is spam.
The most disturbing trend is what appears to be an extremely sophisticated trojan that is able to dynamically alter the sending machine's name in the
e-mail header data. Thus, your home PC on a cable connection can "look" like hundreds of different computers to the spam filtering services (like
Outblaze). I've also observed this dynamic trojan recognizing bounce-backs from an e-mail server and instantly attempting alternate means to break
through to the target e-mail account.
Here's the bad news: according to the laws currently being proposed to fight spam, you could be targeted. It appears as though the spammers have
anticipated the nature of the new laws, and have created virtual networks of slave computers to bypass coming criminal action. By the letter of the
new laws, you will be financially responsible for the wasted bandwidth on the networks your computer is sending spam (in addition to various levels of
criminal charges based on the nature and content of the e-mail). The laws assume you have the responsibility to secure your own computer, so innocent
people may get caught up much like the RIAA issues.
I haven't spent time (yet) researching how to discover if your computer is a slave to one of these spamming trojans, but it's critical that
you take steps now to secure your computer. If you're on a broadband connection, invest in an inexpensive router to sit between your cable or DSL
modem and your computer (many trojans are reported to be able to get past simple personal firewalls). Obtain updated anti-virus and anti-trojan
definitions for your anti-virus software, and run detailed checks.
There is a troubling undercurrent here with semi-conspiracy undertones, but I'll comment on that later. For now, all members of ATS, please secure
your systems!
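The post above describes a trojan that makes one broadband PC present many different machine names to the receiving mail server. As an added defender-side example (not the poster's code, and not any real filter's logic), the script below parses constructed Received: headers of the form "from <HELO name> (<reverse DNS> [<IP>])" and flags a connecting IP that rotates its claimed name or whose claimed name does not match its reverse DNS, while not flagging a dynamic-pool host whose name checks out. The hostnames, IPs and the "dynamic pool" name patterns are all assumptions for illustration.

```python
import re
from collections import defaultdict

# Constructed sample Received: headers (not real mail). Each line records the
# name the client claimed in HELO, the reverse-DNS name the server resolved,
# and the IP it actually connected from (documentation range 203.0.113.0/24).
SAMPLE_RECEIVED = [
    "Received: from mx7.example-bank.com (cable-7.dyn.isp.example [203.0.113.7]) by mx.example.net",
    "Received: from smtp.example-shop.org (cable-7.dyn.isp.example [203.0.113.7]) by mx.example.net",
    "Received: from relay.example-news.com (cable-7.dyn.isp.example [203.0.113.7]) by mx.example.net",
    "Received: from mail.example.org (mail.example.org [203.0.113.40]) by mx.example.net",
    "Received: from dsl-55.isp.example (dsl-55.isp.example [203.0.113.55]) by mx.example.net",
]

RECEIVED_RE = re.compile(r"^Received: from (\S+) \((\S+) \[([\d.]+)\]\)")
# Assumed naming conventions for consumer broadband pools; tune for real ISPs.
DYNAMIC_RE = re.compile(r"(cable|dsl|dyn|pool|ppp|dhcp)", re.IGNORECASE)


def parse_received(line):
    """Return (helo_name, rdns_name, ip) from one Received: header, or None."""
    m = RECEIVED_RE.match(line)
    return m.groups() if m else None


def analyse(lines):
    """Per connecting IP: how many distinct HELO names it presented, whether
    every name matched its reverse DNS, and whether it sits in a dynamic pool."""
    names_by_ip = defaultdict(set)
    rdns_by_ip = {}
    for line in lines:
        parsed = parse_received(line)
        if parsed is None:
            continue  # header not in the expected shape; skip rather than guess
        helo, rdns, ip = parsed
        names_by_ip[ip].add(helo)
        rdns_by_ip[ip] = rdns
    report = {}
    for ip, names in names_by_ip.items():
        rdns = rdns_by_ip[ip]
        report[ip] = {
            "distinct_helo_names": len(names),
            "rotating_names": len(names) > 1,
            "helo_matches_rdns": all(n.lower() == rdns.lower() for n in names),
            "dynamic_pool": bool(DYNAMIC_RE.search(rdns)),
        }
    return report


def suspicious_ips(lines):
    """Dynamic-pool hosts that rotate or misstate their name; a home host whose
    HELO matches its reverse DNS is not flagged on the pool name alone."""
    return sorted(ip for ip, r in analyse(lines).items()
                  if r["dynamic_pool"] and (r["rotating_names"] or not r["helo_matches_rdns"]))
```

Run against real logs, replace the sample list with the Received: lines your MTA writes, and treat the output as a triage list rather than a block list.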
reply posted on 3-12-2003 @ 06:35 PM by DipSchnit
Good topic
That I didn't know!
Be sure to keep us updated on your findings and in the meantime I will do some research of my own.
Keep up the good work........You guys rock
reply posted on 3-12-2003 @ 06:42 PM by soothsayer
My computer was at one time sending out mass spam! I logged-on one day, and noticed my screen froze up, and on my task bar, multitudes of orange
"use" squares were reading "mail sent". Luckily, I have... Symtech(?) (the Norton Anti-Virus company) active, and they were able to stop the
mailings.
I had to use my kill switch to shut down... Windows was frozen. After rebooting, I ran my spyware eraser and Norton... took care of the problem.
Now, the hardest part for me to accept was the fact that I know what I am doing when it comes to safety measures, and this slipped by. I can imagine
what kind of problems would have arisen should I not have had the Symtech line open.
Just think of all the people out there that don't.
reply posted on 4-12-2003 @ 07:10 AM by Gazrok
I really need to get back on the ball with system security.... Thanks for the heads up.....
reply posted on 4-12-2003 @ 07:12 AM by elevatedone
Question,
for my home computer I use a dial-up connection.
I just bought my computer about 3 months ago, my operating system is Windows XP.
What upgrades should I make to prevent
Thanks
reply posted on 4-12-2003 @ 07:17 AM by alternateheaven
Not too much of a surprise to see spammers using viruses to practice their trade. It would be interesting to see some stats on what OSes are being
compromised to do this, as I have a feeling it's mainly Windows type machines.
I can't help but think how stupid it is to pass laws allowing private citizens to be held responsible for the actions of someone else. Sure we
should all keep our machines secure, but it seems more and more secure isn't just having antivirus installed and a firewall setup. I would dare say a
large chunk of computer users have firewalls installed because of all the hype (but rightly so hype) but don't know how to properly configure it or
identify an attack or penetration of their system. The problem is that for as smart as we make the innocent computer users, the black hats, crackers,
skiddies, spammers and virus writers are always one step ahead.
reply posted on 4-12-2003 @ 07:17 AM by SkepticOverlord
I've been paying attention to mostly mail-server anti-spam methods. Do a search on Google for anti-spam plug-ins and helpers for the e-mail
application you're using.
Dial-up users typically don't need to worry about their computer being used as a spam slave... however, I've even seen some dial-up headers in the
spam I get, so it can happen.
Anti-virus and a good personal firewall (like Black Ice) are always your best defense. Never use a freeware personal firewall, spring for the $30 or
so and make sure your software is always up-to-date.
reply posted on 4-12-2003 @ 07:20 AM by elevatedone
Thanks Mr Overlord !
another question... ( these guys are gonna think I'm really dumb )
you said "Black Ice" would be a good one... can that be purchased about anywhere..
Best Buy
Media Play...
or do I need to go to an actual computer store ?
reply posted on 4-12-2003 @ 07:24 AM by SkepticOverlord
reply posted on 4-12-2003 @ 07:27 AM by SkepticOverlord
Originally posted by alternateheaven
Not too much of a surprise to see spammers using viruses to practice their trade. It would be interesting to see some stats on what OSes are being
compromised to do this, as I have a feeling it's mainly Windows type machines.
Yes. About 95% of the known spam-trojans are designed for Windows. Two have been found that exploit buffer-overrun holes in nix-flavored SendMail
installations that have not been updated... and this would be specific even to Mac OS X users who aren't paying attention.
reply posted on 4-12-2003 @ 07:28 AM by elevatedone
thanks again...
I'll do it when I get home tonight !
reply posted on 4-12-2003 @ 07:30 AM by SkepticOverlord
I'll post my observations on this in RATS later today.
Some startling rumors.
reply posted on 4-12-2003 @ 07:33 AM by mooseofterror
This happened to my grandparents, they leave the computer on all the time and the grandkids come in and check their email, surf, whatever. They are
supposed to have a dynamic IP, but if you stay connected, your IP doesn't change. After cleaning up the PC, I bought them a router w/ built-in
firewall.
If you suspect that your computer has been infected, first check to see if you can still log in as the administrator on your PC. This is the first
thing they need to install some remote PC software on your PC.
The one I found used often is a program called DAMEWARE. Search your hard drive for dameware or dame or some other variation. You can also install some
free firewall like ZA and you will be able to see the spammer trying to connect to the internet, about 120 times in a minute. Be careful, because
they also use a program that will kill ZA and any virus software running. So, if you are having a hard time updating your virus software you may also
want to check things.
reply posted on 4-12-2003 @ 09:08 AM by Byrd
There was a warning I read just yesterday (and honestly, I can't remember WHERE but it was a reputable (magazine/news) source) about a new virus with
compressed attachments that slip under the radar of the firewalls and email cleaning programs.
It comes as one of those sex emails, and if you don't respond (and initiate the program) it then lurks on your system and emails you that your
computer has been tagged as one sending pedophilic material and you'll be reported to the cops unless you explain yourself to the Blackhole list.
The email looks like it does go to RBLs, but a careful examination shows that it's actually sending your passwords and codes to somewhere else.
This, frankly, is one of the reasons that my emails are all either web based OR are good ole Unix PINE. And it's the other reason I have a dial-up
service.
reply posted on 4-12-2003 @ 09:44 AM by Grommer
www.dslreports.com...
It appears as though the two most utterly evil forces on this planet are joining forces... spammers and virus writers. May the Lord have mercy on us
all.
I did at one time run my own SMTP and did have it compromised as a relay center for some spammer scum. So I can relate to this, and have to say it's
not a fun time getting rid of the problem. I'm totally with Byrd on this one, web and/or *nix based emails are the way to go.
SkepticO: I'm looking on Linuxsecurity.org and haven't seen any type of exploit that you're talking about... is this exploit recent???
reply posted on 4-12-2003 @ 10:31 AM by ultra_phoenix
Let's see what I've got:
- My OS has all the updates.
- 2 firewalls
- SpyBot Search & Destroy
- Ad-Aware
- Anti-Trojan software
- Anti-Virus software ( Not Norton  )
and this software is always updated. ( I check for updates 1 time per day  )
And when my PC is on but I don't need to surf, I remove the broadband cable modem plug, so.....
Actually, there is a virus that's targeting port 135 ( ICMAP ) and RPC. It tries to connect to this file " alg.exe ". As most of the
attacking IPs are from my provider, I've warned them but they don't mind so much.
reply posted on 4-12-2003 @ 10:36 AM by SkepticOverlord
Originally posted by Grommer
SkepticO: I'm looking on Linuxsecurity.org and haven't seen any type of exploit that you're talking about... is this exploit recent???
No. It's about 6 months old right now. If a user is running an updated version of Sendmail, there is no concern.
reply posted on 4-12-2003 @ 11:27 AM by m0rbid
Originally posted by SkepticOverlord
Never use a freeware personal firewall, spring for the $30 or so and make sure your software is always up-to-date.
William, I think you were right for most of what you said, as usual, but I think you're a bit unfair on the firewall parts. As a newb, I used
ZoneAlarm because it was simpler and then moved on to Tiny Firewall when I was more experienced, and I never had one of my PCs compromised.
Of course, if you have cash to spend for software, go for it, and buy one. Hell, why don't you buy a hardware firewall while you're at it? You'll
have more of your PC's resources for yourself this way.
Some routers have nice integrated firewalls, they might not all be "stateful" or completely stealth, but some are good, and most are enough for a
home user.
The latest one is really really solid. Anyway, that was just my opinion.
Really interesting post BTW, I read somewhere that 90% of the spam on the net originates from ONE company, based in Texas. Can't remember the name.
If you guys want to protect your PC but don't know much about it, I'd guess you're running Windows, so just keep it updated using
windowsupdate.com, use both a firewall and anti-virus software, and never install stuff you're not sure about. Also, you should learn how your
O.S. works, this way you have less chance of being compromised. And run an anti-spyware program once in a while (I personally recommend Spybot AND
Ad-Aware) and always update that software too.
Another good piece of advice is to learn how to & check often exactly WHAT is starting when your system starts.
The best advice is to be paranoid.
[Edited on 4-12-2003 by m0rbid]
reply posted on 4-12-2003 @ 11:40 AM by SkepticOverlord
I've got to go find the story now. But one of the trojans has been designed to get past ZoneAlarm and disable some of its features... but I think
it's limited to ZA on Windows ME only... can't remember for sure.
Yes, the best solution is a hardware router with built-in firewall. Even better is a Mac plugged into that router.
reply posted on 4-12-2003 @ 11:42 AM by m0rbid
here you go...
www.securiteam.com...
Should have doubted it, like any software that gets widely used, chances are it's gonna get broken.
Go hardware.
I gotta add that it's really scary to see that the spam industry is constantly seeking new ways to send spam and new ways to bypass spam filters. By
using random home PCs, it makes it really tough to block IPs, and almost makes it an endless job.
God I hate spammers.
[Edited on 4-12-2003 by m0rbid]