Compromised Home Computers Used To Hide Spamvertised Sites

from the getting-worse dept

There have been plenty of stories about how spammers and hackers have been teaming up to install trojan horse programs on thousands of home computers, but it’s been a little unclear what some of them are being used for. There are stories of how they’re being used as open proxies to send out spam, and others where the computers are actually hosting porn or other spamvertised content. The latest scam is that the trojans are being used to confound the tracing tools used to track down where a spamvertised site is hosted. One popular anti-spam technique is to track down the location of spamvertised sites and get them knocked offline. By making it impossible to determine the actual IP address of the site, spammers can host the sites at popular hosting sites (even the most “antispam” ones around) and not worry about being kicked off. The article also points out that spammers are getting nastier with things like this because out-of-work hackers – who used to hate spammers – are being drawn in by the reports of spam money.


Comments on “Compromised Home Computers Used To Hide Spamvertised Sites”

Mike (profile) says:

Re: huh?

I’m not sure I fully understand it, but it sounds to me like the IP address is constantly changing, but each time, it’s pointing to an individual computer – then, that computer goes out and collects the actual website contents from an established hosting company and presents it from the computer. Thus, you don’t need the actual IP address of the website, but the (ever-changing) intermediary that grabs the site in question.

Peter F Bradshaw says:

Re: huh?

The method is quite simple. The “trojaned computers” have an HTTP proxy installed on them. Presumably the purpose of the worms mentioned was to install this proxy. All that remains is for the spammer to get a DNS record which points to the proxies.

The bit that is not explained in the article is how the proxies know the IP number of the real site. I suspect that there is a central point somewhere which distributes these to the proxies.

I would think that there is a method of finding the real site in some cases (e.g. if the real site is hosted by Yahoo). For the real site to be invisible it needs to be set up so that it accepts requests only from the proxies. This means that the spammer would have to have access to the HTTP server’s access control lists. This would not be possible at most hosters. Therefore I suspect that the real site (at the real IP) will appear on Google.
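
The setup discussed in the comments above, a hostname whose DNS record keeps pointing at different compromised home machines, leaves a recognizable pattern in repeated lookups: many addresses, scattered across unrelated networks, with short TTLs. The following Python is an added example (not from the article or the commenters) that flags such names; the observations are constructed, and the thresholds, the /24 grouping and every name and address are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network
from statistics import median

# Constructed observations of repeated lookups: (unix_time, name, ttl, A record).
# Names use the reserved .example TLD; addresses use documentation ranges.
OBSERVATIONS = [
    (1000, "spamvertised.example", 120, "192.0.2.17"),
    (1300, "spamvertised.example", 120, "198.51.100.44"),
    (1600, "spamvertised.example", 120, "203.0.113.9"),
    (1900, "spamvertised.example", 120, "198.51.100.201"),
    (2200, "spamvertised.example", 120, "192.0.2.230"),
    (1000, "shop.example", 86400, "192.0.2.10"),
    (2200, "shop.example", 86400, "192.0.2.10"),
    (1000, "cdn.example", 60, "203.0.113.20"),
    (1300, "cdn.example", 60, "203.0.113.21"),
    (1600, "cdn.example", 60, "203.0.113.22"),
    (1900, "cdn.example", 60, "203.0.113.23"),
]

def summarize(observations, prefix_len=24):
    """Per name: distinct addresses, distinct networks and median TTL."""
    seen = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": []})
    for _when, name, ttl, ip in observations:
        entry = seen[name.lower().rstrip(".")]
        entry["ips"].add(ip)
        # Collapse each address to its enclosing network, so several servers
        # in one hosting range (ordinary round-robin DNS) count only once.
        entry["nets"].add(ip_network(f"{ip}/{prefix_len}", strict=False))
        entry["ttls"].append(ttl)
    return {
        name: {"ips": len(e["ips"]), "nets": len(e["nets"]), "median_ttl": median(e["ttls"])}
        for name, e in seen.items()
    }

def flag_rotating(observations, min_ips=4, min_nets=3, max_ttl=600):
    """Names whose A records hop across unrelated networks with short TTLs."""
    return sorted(
        name for name, s in summarize(observations).items()
        if s["ips"] >= min_ips and s["nets"] >= min_nets
        and s["median_ttl"] <= max_ttl
    )

if __name__ == "__main__":
    for name, stats in summarize(OBSERVATIONS).items():
        print(name, stats)
    print("flagged:", flag_rotating(OBSERVATIONS))
```

The `cdn.example` rows show why address count alone is not enough: a short-TTL rotation inside one network is normal load balancing and is not flagged.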
