
The strengthening alliance between spam senders, virus writers


Johannesburg, 29 Jun 2004

Spammers are turning to tactics favoured by virus writers to get their unwanted commercial messages into circulation. Graham Vorster, chief technology officer at Duxbury Networking, looks at how unscrupulous spammers are hijacking the e-mail accounts of innocent users to send millions of messages.

Faced with increasing resistance to their activities, senders of unwanted and often malicious commercial e-mail messages - spammers - are evolving a new set of tactics to reach their targets with advertising for porn sites, miracle cures for baldness, get-rich-quick schemes and similar distasteful messages.

Spammers are taking over the accounts of unsuspecting computer users by sending e-mail messages that resemble computer viruses.

Significantly, victims are unlikely to be aware of the fact that they are playing the role of middleman to the spammers. The only indication might be a slightly slower Internet connection.

Spam now accounts for around half of the e-mails sent globally every day. It is a serious problem because it is difficult to filter out as it often resembles legitimate e-mail messages.

Governments, companies and Internet service providers are uniting in their efforts to eradicate spam. Some companies are offering e-mail filtering services that block both viruses and unwanted commercial messages.

As efforts to beat spammers accelerate, junk marketers are increasingly keen to cover their tracks and hide the real origin of the messages they send.

And as the number of insecure Internet relays and mail gateways falls, many desperate spammers are creating virus-like programs to gain control of vehicles for their activities.

Trojans

These programs are most often designed as Trojans. Like the wooden horse of antiquity, they conceal a deadly payload inside an innocent looking shell.

They are able to take over an e-mail account and use it as a funnel for millions of spam messages.

These Trojans trick people into clicking on a link that takes them to a Web site. At the same time, a virus is delivered.

Versions of the virus-bearing spam encourage targets to unsubscribe from bogus newsletters or claim to give away electronic greetings cards.

Similar techniques are used by hackers to carry out denial-of-service and other malicious attacks.

Through the use of Trojans, hackers are also able to recruit hundreds of innocent machines and then instruct them to bombard a particular Web site with bogus data packets.

In common with many viruses, Trojans exploit weaknesses in Microsoft's Outlook e-mail package.

The programs

One of the first spam-driven Trojans to emerge was called "Jeem" and hid within it an e-mail engine so it could efficiently route messages via an infected computer.

Another, dubbed Proxy-Guzu, arrives as a spam message with another file attached. Clicking on the attachment initiates a set of instructions that makes it contact a Hotmail account with information about the infected machine.

This makes it possible for a spammer to route mail through this computer, effectively nullifying any attempt to trace the source of the spam. Investigators on the trail of the spammer will only be able to identify the net address of the innocent computer.

Probably the most significant hijacking program to date has been the AVF virus. An obvious virus/spam amalgamation, AVF opens a backdoor in the computer, which any number of spammers can use to send out their junk mailings.

Again, the system ensures almost total anonymity for any spammer because it is virtually impossible to trace the route back.

More seriously, virus writers are increasingly adopting the tactics of spammers to spread their own malicious creations.

Recently a warning about these spam-viruses was released by the Corporate IT Forum (TIF), an association for senior technology managers working at more than 130 of the UK's largest organisations.

David Roberts, chief executive of TIF, is reported to have said that clicking on a link in a spam e-mail is the equivalent of handing a burglar the keys to your house and there could be a very nasty shock lurking behind each and every spam e-mail.

Trouble ahead

The huge rise in the amount of unsolicited messages in inboxes worldwide is a clear indication of trouble ahead.

Already 65% of spam is sent from hijacked computers and it is feared that new generations of spam will include sophisticated key logging programs capable of stealing login details, passwords and credit card numbers.

If this continues, spammers could overwhelm the entire Internet system, turning them from a source of nuisance into outright law-breakers with a heavy price on their heads.

What is needed is co-ordinated global action against the menace of spam. Governments should cooperate to formulate anti-spam legislation that can be enforced globally.

The alternative is that e-mail will increasingly be seen as a risk and it will lose its position as one of the most productive means of communication the world has yet seen.


Editorial contacts

Michele Turner
HMC Corporate Communications
(011) 463 4611
michele@hmcom.co.za
Graham Vorster
Duxbury Networking
(011) 646 3323
gvorster@duxnet.co.za