Compromised Home Computers Used To Hide Spamvertised Sites

from the getting-worse dept

There have been plenty of stories about how spammers and hackers have been teaming up to install trojan horse programs on thousands of home computers, but it's been a little unclear what some of them are being used for. There are stories of how they're being used as open proxies to send out spam, and others where the computers are actually hosting porn or other spamvertised content. The latest scam is that the trojans are being used to confound the tracing tools used to track down where a spamvertised site is hosted. One popular anti-spam technique is to track down the location of spamvertised sites and get them knocked offline. By making it impossible to determine the actual IP address of the site, spammers can host the sites at popular hosting sites (even the most "antispam" ones around) and not worry about being kicked off. The article also points out that spammers are getting nastier with things like this because out-of-work hackers - who used to hate spammers - are being drawn by the reports of spam money.


Reader Comments



  • aNonMooseCowherd, 9 Oct 2003 @ 4:30pm

    huh?

    I found this article somewhat baffling. You can't connect to a site without having an IP address to connect to. So how can a site's IP address be a secret?


    • Mike (profile), 9 Oct 2003 @ 4:55pm

      Re: huh?

      I'm not sure I fully understand it, but it sounds to me like the IP address is constantly changing, but each time, it's pointing to an individual computer - then, that computer goes out and collects the actual website contents from an established hosting company and presents it from the computer. Thus, you don't need the actual IP address of the website, but the (ever-changing) intermediary that grabs the site in question.


    • Peter F Bradshaw, 10 Oct 2003 @ 7:29am

      Re: huh?

      The method is quite simple. The "trojaned computers" have an HTTP proxy installed on them. Presumably the purpose of the worms mentioned was to install this proxy. All that remains is for the spammer to get a DNS record which points to the proxies.

      The bit that is not explained in the article is how the proxies know the IP number of the real site. I suspect that there is a central point somewhere which distributes these to the proxies.

      I would think that there is a method of finding the real site in some cases (e.g. if the real site is hosted by Yahoo). For the real site to be invisible it needs to be set up so that it accepts requests only from the proxies. This means that the spammer would have to have access to the HTTP server's access control lists. This would not be possible at most hosters. Therefore I suspect that the real site (at the real IP) will appear on Google.

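A defender-side way to spot the pattern the comments describe, a hostname whose address keeps changing and lands on unrelated home machines each time, is to compare successive DNS answers. The Python below is an added example, not part of the original post or its comments; the observation data, hostnames, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed sample: (minute observed, hostname, A record answer).
# Hostnames and addresses are placeholders (reserved documentation ranges).
OBSERVATIONS = [
    (0,  "shop.example.test",  "192.0.2.10"),
    (10, "shop.example.test",  "192.0.2.10"),
    (20, "shop.example.test",  "192.0.2.10"),
    (30, "shop.example.test",  "192.0.2.11"),
    (0,  "pills.example.test", "198.51.100.7"),
    (10, "pills.example.test", "203.0.113.88"),
    (20, "pills.example.test", "192.0.2.200"),
    (30, "pills.example.test", "198.51.100.143"),
    (40, "pills.example.test", "203.0.113.5"),
]

def summarize(observations, prefix_len=24):
    """Per hostname: distinct IPs, distinct networks, and answer changes."""
    by_host = defaultdict(list)
    for minute, host, ip in observations:
        by_host[host.lower()].append((minute, ip_address(ip)))
    report = {}
    for host, rows in by_host.items():
        rows.sort()  # order answers by observation time
        ips = [ip for _, ip in rows]
        nets = {ip_network(f"{ip}/{prefix_len}", strict=False) for ip in ips}
        changes = sum(1 for a, b in zip(ips, ips[1:]) if a != b)
        report[host] = {"ips": len(set(ips)), "networks": len(nets),
                        "changes": changes, "lookups": len(ips)}
    return report

def rotating_hosts(observations, min_ips=4, min_networks=3, min_change_ratio=0.75):
    """Hostnames whose answers keep moving between unrelated networks.

    The thresholds are illustrative assumptions, not tuned values.
    """
    flagged = []
    for host, s in summarize(observations).items():
        ratio = s["changes"] / max(s["lookups"] - 1, 1)
        if (s["ips"] >= min_ips and s["networks"] >= min_networks
                and ratio >= min_change_ratio):
            flagged.append(host)
    return sorted(flagged)

if __name__ == "__main__":
    for host, stats in summarize(OBSERVATIONS).items():
        print(host, stats)
    print("rotating:", rotating_hosts(OBSERVATIONS))
```

Treat a hit as a lead to investigate rather than a verdict: CDNs and round-robin DNS also rotate answers.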

