Uncovered: Trojans as Spam Robots

Post by augie » Sat Feb 21, 2004 8:40 pm

c't has gathered evidence that virus writers are selling the addresses of computers infected with trojans to spammers. The spammers use the infected systems to illegally distribute commercial e-mail messages -- without the knowledge of their owners. Furthermore, the network of trojans forms a powerful tool which the distributors of the viruses can use to, for example, launch distributed DoS attacks.

With the help of c't, a student of computer science has tracked down the authors of a computer virus. The editorial staff were able to establish contact with the virus distributors and buy IP addresses of infected machines. Because one of the virus distributors has been located in Great Britain, c't has passed on all information to Scotland Yard. By now, individuals in several countries have been arrested.

In this case, a trojan was installed on thousands of computers with the help of the virus "Randex". This small program contacted its "master" through the chat protocol IRC. From its master it received commands to, for example, look for CD keys of games, launch SYN flood attacks from the infected machine or secretly load additional software. This way, the trojan was also able to install a SOCKS proxy server which can be used to relay spam through the infected PCs. The virus also infects local subnets using the Windows Directory Service.

In an interview with c't, an investigating officer of Scotland Yard commented: "We fear that this is just the beginning. In the case in question, the authors and distributors of the viruses already no longer do their work just for fun or ego. The scene is becoming more professional and has recognised how much money can easily be gained illicitly this way."

You can find a report about the investigation in today's broadcast of c't magazin.tv. In the coming edition of c't, you can find a detailed description of the events (available in shops in German-speaking countries from Monday, February 23).

Thanks to Jeroen Roovers for the translation of the German news article and to Groklaw for bringing it to the attention of English-speaking readers. Groklaw also reports that Earthlink is bringing suit against a group of spammers called the Alabama Group. In one of the cases mentioned in the suit, a zombie computer was used to send spam.

Source: heise online
Community Director
Posts: 7870
Joined: Mon Aug 26, 2002 1:55 am
Location: Laurentians, Quebec

Post by MinusDriver » Tue Feb 24, 2004 3:14 pm

Nice post Augie!
PRO Level 13
Posts: 813
Joined: Thu Jan 08, 2004 9:47 pm
Location: Atlanta, GA
Real Name: Michael
