Several small Internet service providers have been shocked to see some of their most unlikely users turn into spammers. But it turns out the users are unwitting tools of a new virus that experts say is the first case they've seen of hackers finding a way to commercially exploit their skills.
The scheme -- seemingly spread across desktops in the form of a virus -- was tested by hackers throughout June, apparently to explore the possibility of infecting home machines with software that would generate unsolicited bulk email without the knowledge of the machines' owners.
"I believe it was a dry run," said Michael Reaves, systems administrator at Adimpleo/FirstNetSecurity.com. Reaves' organisation registered the first case of a "spamming trojan" on 14 June, in the San Francisco Bay area, on Excite@Home's network. He believes a commercial version will soon be launched.
The virus was designed with a simple succession of points and clicks, using a widely available worm-writing tool such as The Visual Basic Worm Generator, experts believe. The virus carries a trojan -- a piece of hacker software that installs itself on users' machines after an email attachment is downloaded.
The trojan -- nicknamed the spamming trojan for its function -- then generates spam emails from users' accounts, using their names and targeting the people to whom they send email. Got an email from your grandmother advertising the services of an adult Web site? Don't get mad -- her computer's been infected by the spamming trojan virus.
It's the unlikely nature of the users who turned into spammers overnight that caught network administrators' attention in the first place.
"I got an abuse report from somebody in Florida and was very surprised, because we run a very clear network and got just three abuse reports in three years," said Don Lashier, owner of Newport Internet in Oregon. "I checked into it, and the spammer was this middle-age woman we know well." Newport Internet has only 1,000 users, and Lashier knows many personally.
Further investigation revealed the user was unwittingly generating spam, seemingly advertising services on an adult Web site -- with one caveat: the ad had no HyperText Transfer Protocol links, leading Lashier to believe a spamming trojan was being tested.
While individual users generate very little spam -- three or four messages per day -- Reaves believes the problem is amplified by the proliferation of distributed, remote systems management tools, which have been used in the past to launch denial-of-service attacks. This time, hackers could use the same topology to generate massive volumes of spam.
"Hackers now can make money," Reaves said.
Jupiter Research estimates the volume of opt-in email will reach 268 billion messages by 2005, generating revenue of $7.3bn. Security experts say some of this cash is bound to end up in spammers' pockets.
The spamming trojan could be prevented by users installing filters to block spam and viruses or by ISPs taking measures to curb spam and increase security.