Several small internet service providers have been shocked to see some of their most unlikely users turn into spammers. But it turns out the users are unwitting tools of a new virus that experts say is the first case they've seen of hackers finding a way to commercially exploit their skills.
The scheme — seemingly spread across desktops in the form of a virus — was tested by hackers throughout June, apparently to explore the possibility of infecting home machines with software that would generate unsolicited bulk e-mail without the knowledge of the machines' owners.
"I believe it was a dry run," said Michael Reaves, systems administrator at Adimpleo/FirstNetSecurity.com. Reaves' organization registered the first case of a "spamming trojan" on June 14, in the San Francisco Bay area, on Excite@Home's network. He believes a commercial version will soon be launched.
The virus was designed with a simple succession of points and clicks, using a widely available worm-writing tool such as The Visual Basic Worm Generator, experts believe. The virus carries a trojan — a piece of hacker software that installs itself on users' machines after an e-mail attachment is downloaded.
The trojan — nicknamed the spamming trojan for its function — then generates spam e-mails from users' accounts, using their names and targeting the people to whom they send e-mail. Got an e-mail from your grandmom advertising the services of an adult Web site? Don't get mad — her computer's been infected by the spamming trojan virus.
It's the unlikely nature of the users who turned into spammers overnight that caught network administrators' attention in the first place.
"I got an abuse report from somebody in Florida and was very surprised, because we run a very clear network and got just three abuse reports in three years," said Don Lashier, owner of Newport Internet in Oregon. "I checked into it, and the spammer was this middle-age woman we know well." Newport Internet has only 1,000 users, and Lashier knows many personally.
Further investigation revealed the user was unwittingly generating spam, seemingly advertising services on an adult Web site — with one caveat: The ad had no HyperText Transfer Protocol links, leading Lashier to believe a spamming trojan was being tested.
While individual users generate very little spam — three or four messages per day — Reaves believes the problem is amplified by the proliferation of distributed, remote systems management tools, which have been used in the past to launch denial-of-service attacks. This time, hackers could use the same topology to generate massive volumes of spam.
"Hackers now can make money," Reaves said.
Jupiter Research estimates the volume of opt-in e-mail will reach 268 billion messages by 2005, generating revenue of $7.3 billion. Security experts say some of this cash is bound to end up in spammers' pockets.
The spamming trojan could be prevented by users installing filters to block spam and viruses or by ISPs taking measures to curb spam and increase security.