Unsuspecting Computer Users Relay Spam

from the more-spam-problems... dept

There have been more and more stories like this one popping up lately, of spammers using viruses and trojan horses to send their spams from computers that they don’t own – thereby making it nearly impossible to track them down (while also putting all the blame on someone innocent). One person in the article suggests that 200,000 computers have been hijacked for this purpose. The owners of the hijacked computers usually have no idea until they get a message from their ISP accusing them of spamming. The article also gets into the issue of open proxy servers, which often lead to these sorts of hijackings – and how ISPs like AOL and Road Runner are dealing with them. AOL is now blocking all mail from open proxy servers and Road Runner is actively probing anyone who emails them to see if they’re running an open proxy server.


Comments on “Unsuspecting Computer Users Relay Spam”

1 Comment
Brad Spencer (user link) says:

Open relays and open proxies - your big opportunit

As the article says this abuse is widespread. The spammers look just about everywhere for a system to abuse.
Ask yourself: why not give them one? You could have a lot of fun.
Now, of course, you don’t want to deliver any spam for them – that’s not fun. But letting them send you spam and then not delivering it – that IS fun – sometimes an absolute delight.
Even if you just trap their relay tests (if you simulate an open relay partway) you’ve got something you can use against them. If the spammer is sending his tests to his own dropbox account at a freemail provider see if you can persuade the freemail provider to (a) throw away the email still in the spammer’s dropbox and (b) simply divert future email to that address, leaving the account active but useless. So far I’ve persuaded just one freemail provider but it was the highlight of my week when it happened. You can also alert the spammer’s ISP, if he still sends tests from his own IP (which several still do – they’re very cavalier and careless in this aspect of their operation.) One system I control gets about 100 tests a month. Some are repeats, of course, but some are fresh. It’s tremendous fun (and very informative) to let just one test be delivered and then see what spam follows. You make a link between the tester and the spam – that could be very useful information sometime in the future.
There’s a free download: jackpot.uk.net. Windows users with permanent network connections can do this. As installed Jackpot simply traps all incoming email (on most Windows systems there should be none – you POP your email from a server. The email that comes to your system most probably isn’t for you – it’s a spammer test.) You can use the web interface to make it relay or you can change the configuration so that it always relays.
If you’re concerned about having your bandwidth eaten up you can use the tarpit option to slow the communications. I turn tarpit off but I don’t see much activity any more – I think many of the major spammers know about me. That’s fine: if they left every IP alone that would be a win, wouldn’t it?
Linux/Unix users with a spare IP can also do this using sendmail. See the URL for instructions. One operator, outside the US, stopped spam to 281 million recipients his first year of honeypot operation. Not bad, eh? Even better, he uses just a 120 MHz Pentium, 64 Mb, Linux & sendmail. That old computer in the closet can do something useful – get it out and set it up.
Simulating an open proxy should be even better. All you need do is divert any proxy traffic that is intended for port 25 elsewhere to your own relay spam honeypot. Even better, if the spammer connects to the “open proxy” from his own IP you have that IP and you have evidence to send his ISP of his abuse. Sweet.
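
The trap-and-do-not-deliver behaviour described in the comment above, as an added example that is not part of the comment and is not Jackpot's or sendmail's code: a minimal SMTP dialogue handler that accepts any recipient, records the connecting IP and envelope, and never relays. The class and function names, the `trap.example` hostname, the sample addresses and the single-recipient heuristic for spotting relay tests are all assumptions made for illustration.

```python
import re

class TrapSession:
    """One SMTP dialogue with the trap: accept any recipient, deliver nothing."""
    def __init__(self, peer_ip, captured):
        self.peer_ip = peer_ip      # connecting address, kept as evidence
        self.captured = captured    # shared list of trapped messages
        self.in_data = False
        self._reset()

    def _reset(self):
        self.sender, self.rcpts, self.body = None, [], []

    def feed(self, line):
        """Consume one client line (CRLF stripped); return the reply or None."""
        if self.in_data:
            if line == ".":         # end of message: record it, never relay it
                self.captured.append({"peer": self.peer_ip, "from": self.sender,
                                      "rcpts": self.rcpts, "body": "\n".join(self.body)})
                self.in_data = False
                self._reset()
                return "250 OK queued"   # the sender sees an apparent success
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        verb = line.split(" ", 1)[0].upper()
        if verb in ("HELO", "EHLO"):
            return "250 trap.example"
        if m := re.match(r"(?i)MAIL FROM:\s*<([^>]*)>", line):
            self._reset()
            self.sender = m.group(1)
            return "250 OK"
        if m := re.match(r"(?i)RCPT TO:\s*<([^>]+)>", line):
            if self.sender is None:
                return "503 MAIL first"
            self.rcpts.append(m.group(1))   # any domain is accepted
            return "250 OK"
        if verb == "DATA":
            if not self.rcpts:
                return "503 RCPT first"
            self.in_data = True
            return "354 End data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            return "221 Bye"
        return "502 Command not implemented"

def probable_tests(captured):
    """Assumed heuristic: a single-recipient message is a relay test."""
    return [(m["peer"], m["rcpts"][0]) for m in captured if len(m["rcpts"]) == 1]

# Constructed sample dialogue (documentation addresses, not real traffic).
SAMPLE = ["HELO probe", "MAIL FROM:<a@sender.example>",
          "RCPT TO:<dropbox@freemail.example>", "DATA",
          "Subject: test 192.0.2.10", "", "relay check", ".", "QUIT"]
```

Wiring `feed()` to a listening socket is left out; the point is that every message ends in the `captured` list together with the peer address, and nothing is forwarded.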
