Security threats Toolkit

It's official: Spammers are hijacking ISPs

Tags:
Messagelabs,
Spam

Dan Ilet ZDNet.co.uk

Published: 04 Mar 2005 13:50 GMT

An email security company says it has found evidence that spammers are tricking Internet service providers into helping them evade anti-spam security measures.

ZDNet UK reported last month that spammers are using software tools that force virus-infected PCs to relay spam attacks through their ISP's own mail server. Traditionally, infected computers have been used as mail servers to send spam directly to recipients. But the new technique means the spam appears to come from the ISP itself, making it hard for an anti-spam blacklist to block the spam without also blocking legitimate mail from the ISP.

According to research published by MessageLabs on Friday, the proportion of spam coming directly from networks of infected machines has decreased from 79 percent to 59 percent, while overall spam levels have climbed. The company believes that this proves that spammers are increasingly sending their junk mails via the ISPs.

"It's fairly hard evidence that although the spam problem has not gone away, the way spam is distributed has changed," said Paul Wood, chief information security analyst for MessageLabs. "It backs up [suggestions] that this method is being aggressively used."

Last month, anti-spam campaigner Spamhaus called on ISPs to start throttling spam sent via broadband customers compromised by the technique.

"They've got to throttle the number of emails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam -- they are too understaffed to call people up and tell them they have Trojans on their machines. And no one would know what you're talking about," said Spamhaus's Steve Linford.

Wood said the results suggest that ISPs need to start managing the data sent through their networks.

"That would certainly seem to be an implication," said Wood. "If an ISP is not checking their mail servers to see if it is sending spam, legally that puts them on a different foot in terms of identifying sources of spam. How they can get over this is a problem? They will have to learn more about their customers. They need to check customer computers, whether they do it or give people the tools to do it. It's very much a moving target."