No Evidence That Hacker Was Hacked
Underwear That Monitors Your Health

Compromised Home Computers Used To Hide Spamvertised Sites

Scams

from the getting-worse dept

Thu, Oct 9th 2003 8:44amMike Masnick
There have been plenty of stories about how spammer and hackers have been teaming up to install trojan horse programs on thousands of home computers, but it's been a little unclear what some of them are being used for. There are stories of how they're being used as open proxies to send out spam, and others where the computers are actually hosting porn or other spamvertised content. The latest scam is that the trojans are being used to confound tracing tools to track down where a spamvertised site is hosted. One popular anti-spam technique is to track down the location of spamvertised sites and get them knocked offline. By making it impossible to determine the actual IP address of the site, it means that spammers can host the sites at popular hosting sites (even the most "antispam" ones around) and not worry about being kicked off. The article also points out that spammers are getting nastier with things like this because out of work hackers - who used to hate spammers - are being drawn by the reports of spam money.
3 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    aNonMooseCowherd, 9 Oct 2003 @ 4:30pm

    huh?

    I found this article somewhat baffling. You can't connect to a site without having an IP address to connect to. So how can a site's IP address be a secret?

    link to this | view in chronology ]

    • icon
      Mike (profile), 9 Oct 2003 @ 4:55pm

      Re: huh?

      I'm not sure I fully understand it, but it sounds to me like the IP address is constantly changing, but each time, it's pointing to an individual computer - then, that computer goes out and collects the actual website contents from an established hosting company and presents it from the computer. Thus, you don't need the actual IP address of the website, but the (ever-changing) intermediary that grabs the site in question.

      link to this | view in chronology ]

    • identicon
      Peter F Bradshaw, 10 Oct 2003 @ 7:29am

      Re: huh?

      The method is quite simple. The "trojaned computers" have a HTTP proxy installed on them. Presumably the purpose of the worms mentioned was to install this proxy. All that remaines is for the spammer to get a DNS record which points to the proxies.

      The bit that is not explained in the article is how the proxies know the IP number of the real site. I suspect that there is a central point somewhere which distributes these to the proxies.

      I would think that there is a method of finding the real site in some cases (e.g. if the real site is hosted by Yahoo). For the real site to be invisible it needs to be set up so that it accepts requests only from the proxies. This means that the the spammer would have to have access to the HTTP server's access control lists. This would not be possible at most hosters. Therefore I suspect that the real site (at the real IP) will appear on Google.

      link to this | view in chronology ]


No Evidence That Hacker Was Hacked
Underwear That Monitors Your Health
Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

Friday

19:39 Important Announcement: Techdirt Is Migrating To A New Platform (0)
More arrow

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.