Unsuspecting Computer Users Relay Spam
from the more-spam-problems... dept
There have been more and more stories like this one popping up lately, of spammers using viruses and trojan horses to send their spams from computers that they don’t own – thereby making it nearly impossible to track them down (while also putting all the blame on someone innocent). One person in the article suggests that 200,000 computers have been hijacked for this purpose. The owners of the hijacked computers usually have no idea until they get a message from their ISP accusing them of spamming. The article also gets into the issue of open proxy servers, which often lead to these sorts of hijackings – and how ISPs like AOL and Road Runner are dealing with them. AOL is now blocking all mail from open proxy servers and Road Runner is actively probing anyone who emails them to see if they’re running an open proxy server.
Comments on “Unsuspecting Computer Users Relay Spam”
Open relays and open proxies - your big opportunit
As the article says this abuse is widespread. Thhe spammers look just about everywhere for a system to abuse.
Ask yourself: why not give them one? You could have a lot of fun.
Now, of course, you don’t want to deliver any spam for them – that’s not fun. But letting them send you spam and then not delivering it – that IS fun – sometimes an absolute delight.
Even if you just trap their relay tests (if you simulate an open relay partway) you’ve got something you can use against them. If the spammer is sending his tests to his own dropbox account at a freemail provider see if you can persuade the freemail provider to (a) throw away the email still in the spammer’s dropbox and (b) simply divert future email to that address, leaving the account active but useless. So far I’ve persuaded just one freemail provider but it was the highlight of my week when it happened. You can also alert the spammer’s ISP, if he still sends tests from his own IP (which several still do – they’re very cavalier and careless in this aspect of their operation.) One system I control gets about 100 tests a month. Some are repeats, of course, but some are fresh. It’s tremendous fun (and very informative) to let just one test be delivered and then see what spam follows. You make a link between the tester and the spam – that could be very useful informaiton sometime in the future.
There’s a free download: jackpot.uk.net. Windows users with permanent network conections can do this. As installed Jackpot simply traps all incoming email (on most Windows systems there should be none – you POP your email from a server. The email that comes to your system most probably isn’t for you – it’s a spammer test.) You can use the web interface to make it relay or you can change the configuration so that it always relays.
If you’re concerned about having your bandwidth eaten up you can use the tarpit option to slow the communications. I turn tarpit off but I don’t see much activity any more – I think many of the major spammers know about me. That’s fine: if they left every IP alone that would be a win, wouldn’t it?
Linux/Unix users with a spare IP can also do this using sendmail. See the URL for instructions. One operator, outside the US, stopped spam to 281 million recipients his first year of honeypot operation. Not bad, eh? Even better, he uses just a 120 MHz Pentium, 64 Mb, Linux & sendmail. That old computer in the closet can do something useful – get it out and set it up.
Simulating an open proxy should be even better. All you need do is divert any proxy traffic that is intended for port 25 elsewhere to your own relay spam honeypot. Even better, if the spammer connects to the “open proxy” from his own IP you have that IP and you have evidence to send his ISP of his abuse. Sweet.