According to SpamHaus -- an anti-spam organisation which compiles blacklists blocking eight billion messages a day -- a new piece of malware has been created that takes over a PC and then uses it to send spam via the mail server of that PC's Internet service provider. This means the spam appears to come from the ISP, making it very hard for an anti-spam blacklist to block it.
Previously, these zombie PCs have been used as mail servers to send spam emails directly to recipients.
"The Trojan is able to order proxies to send spam upstream to the ISP," said Steve Linford, director of SpamHaus.
Linford believes that this Trojan was written by the same people who write spamming software.
Reports suggest that ISPs in the US have already been hit. "We've seen a surge in spam coming from major ISPs. Now all of the ISPs are having large amounts of spam going out from their mail servers," said Linford.
This will cause serious problems for email infrastructures as it is impractical to block domain names from large ISPs. Linford predicts that ISPs will see a growth in the volume of bulk mail they send and receive over the next two months, with spam levels rising from 75 percent of all email to around 95 percent within a year.
"The email infrastructure is beginning to fail," Linford warned. "You'll see huge delays in email and servers collapsing. It's the beginning of the email meltdown."
Linford said that ISPs need to act fast to take control of the problem. "They've got to throttle the number of emails coming from ADSL accounts. They are going to have to act quickly to clean incoming viruses. ISPs have so much spam -- they are too understaffed to call people up and tell them they have Trojans on their machines. And no one would know what you're talking about."
ISPs BT and Thus didn't respond to requests for comment on this issue.
Anti-spam company MessageLabs confirmed Linford's findings.
"This ups the ante in the need for filters," said Mark Sunner, chief technology officer for MessageLabs. "It makes it more difficult for people who compile black lists, which is why spammers are doing this. It will put more pressure on ISPs to take greater interest in the traffic they carry and filter at source."
The Information Commissioner's Office, the UK's point of call to report about spam, said it had received no complaints of bulk spam from ISPs. A statement from the ICO said, "As you are aware the ICO's role is to enforce the regulations (the Privacy and Electronic Communications (EC Directive) Regulations 2003). If it receives complaints regarding spam, the ICO needs to establish the source of the spam to take action. The ICO then contacts the company concerned."

Talkback
Hmm. Well I'd be surprised if most ISPs didn't already have software to detect suspicious email activity from a user, so I can't see this technique working particularly well. Seems like someone's massively overhyping this situation. "Email meltdown" indeed?!
Shouldn't ISPs suggest software (AVG, Spybot, etc.) to their customers to prevent this?
I noted Steve's comment - but it seems to me that what the article is trying to say is that the infected PC starts acting exactly like the ISP mail server. If this is true, then how will the difference between real and phoney servers be determined? In other words, will the ISP be able to determine the source?
There's only one way to stop these people - toughen up and send them to jail.
Up the ante and start imposing fixed custodial sentences to anyone convicted of unsolicited emailing.
It's intrusive and costs all of us in the long run in increased access charges.
ISPs pay by the megabyte and the more they pay the more we pay for access. If they are paying for a vast amount of traffic from a tiny minority of spammers then we are the ones that suffer. Lock the spammers up, I say.
To curb some of the backlash of spam, I would see if my ISP had a setting to only allow email from those in your address book.
Hi!
I'm currently in charge of setting up ISP MXs and filters.
But I don't agree with Dan Ilett's article. Indeed, spam from customer accounts IS a problem, but not so big as to proclaim the beginning of the end of SMTP.
Yes, it's an ongoing 'fight' against spammers, and even if the filters are getting better (at provider level: refer to SPF and equivalents), spammers will use techniques against them.
Essentially, I believe the whole spam problem cannot be solved on a technical basis. Well, today you're able to seal systems nearly perfectly, but regular users won't deal with certificates and keys; they expect easy use.
I believe the spam problem has to be solved at a political and legal level. As long as it is possible to sell products advertised via spam only, we're fighting against windmills.
Only my two cents :)
Stephan