Category: Computer Security

Posted on
by

Via Email Battles: First ‘warspamming’ case reaches court.

Basically the guy (allegedly) drove around LA with a laptop looking for insecure wireless networks, then connected to them and sent spam using people’s home accounts.

The term comes from wardriving — driving around looking for unsecured networks — and warchalking — marking walls or sidewalks to indicate the presence, type and speed of the networks found. Early wardrivers discovered that Pringles cans make good amplifiers.

Further etymology: according to the Jargon File, war-driving is a play on war dialer. War dialers were programs that would call up a series of phone numbers looking for modems, faxes, or other phone-based systems it might be able to crack into. And that term started out as wargames dialer, a reference to the film War Games. (Whew!)

It turns out that warspamming is older than I thought: the term was coined two years ago, though this is the first case to go to trial. The defendant is being tried under CAN-SPAM, which went into effect this past January.

An interesting statement from the article:

If Tombros is convicted or pleads guilty then warspamming — also known as drive-by spamming — will move from being just a theoretical possibility to a genuine threat.

What, so in the two years since someone came up with the idea, no one has ever seen it done? And we have to wait for a conviction to determine whether it’s happened now? We don’t need to wait for a trial to know that spammers — an annoyingly resourceful lot — are using thousands of virus- and spyware-infested home computers as zombies. Warspamming doesn’t even require programming skills (or ties to virus writers — although I understand access to already-compromised networks has become a brisk business on the black market.) Surely someone has logs to show that it’s been done.

Update October 4: The defendant was convicted. Apparently, this is the first conviction obtained under CAN-SPAM. (via The War on Spam)

Posted on
by

Via The War on Spam and The Spam Weblog:

Hackers hijack federal computers. Apparently the DOJ discovered, during their crackdown on cybercrime, that hundreds of Department of Defense and Senate computers had been turned into zombies.

Nice.

Can we really be sure they were only used to send spam? After all, zombies are generally the result of viruses, worms or trojans that install backdoors, so that the attacker can run anything on the system. Setting up a distributed and disguised spam-sending network just happens to be the most profitable application right now, but you can bet there are a lot of people out there who would love to take over — or just look through — US military computers.

I don’t know about you, but I find this really disturbing.

“Would you like to play a game?”

Posted on
by

When I worked at a computer lab in college, the main security focus was preventing lab visitors from screwing around too much with the computers. We just ran Windows NT and locked it down as hard as possible. The worst network-based threat I remember facing was WinNuke, and that was just as likely to be another lab tech. Some of the early email viruses started circulating while I was there, but since it was a public lab, we didn’t provide any email programs; people would telnet into the mail server and use Pine. (This was pre-Hotmail, too.)

In my wired-for-ethernet campus housing, however, all bets were off. I watched people remotely controlling each others’ computers as pranks, or discovering hackers had gotten onto their systems from halfway across the planet, and figured it was safer to use Linux most of the time. This actually got me in trouble with the network admin at one point, who decided I must be running a server and shut off my port. It did at least teach me to disable services that were turned on by default, though I saw no indication that anything on there was actually being abused.*

Firewalled

Then there were firewalled environments. Still back in college, we rigged up my parents’ house for a home network. My brother put together a Linux box to dial into the Internet and act as a gateway, and effectively everything inside the network was safe from direct attacks. No point in internal firewalls, and since everyone was savvy enough to avoid the really nasty stuff (which was easier at the time), virus scanners were only a precaution, rather than a necessity.

For the past few years I’ve mainly worked with Continue reading

Posted on
by

By way of Justin Mason and the SpamAssassin mailing list comes this post about writing add-ons for Outlook.

Seth Goodman writes of Outlook’s contact list:

This feature was apparently added for the convenience of virus writers, who it appears were one of the key groups that set the design requirements for this product

Ronald F. Guilmette replies:

So if I want source code for a software tool that can extract addresses from a personal Outlook address book, I guess that I should just go out and hire a virus writer! Hummm. I would have no problem with that. At least this would give them some honest work for a change… keeping them off the streets and out of trouble for a short while.

So now, where does one post a ‘HELP WANTED’ ad for a virus writer?

Posted on
by

More “You sent a virus!” garbage going around. It’s gotten to the point where I don’t even look at most delivery failure notices, which means I could easily miss errors about mail I really did send.

I got ticked off enough this time that I wrote back to the return address on the warning, matching the tone and structure of their message as closely as possible:

An invalid virus notice was found in an Email message you sent. Your Email scanner recognized a virus as W32/MyDoom-O but did not take into account the fact that this virus always uses a fake sender address.

Please update your virus scanner or contact your IT support personnel as soon as possible as you are sending bogus virus warnings to third parties whose systems are not infected with the virus. This runs the risk of causing unnecessary concern among the less tech-savvy (and extra calls to tech support about the nonexistant virus they fear they have). I would recommend reading up on the phrase “crying wolf” as well.

ยปAll pages site-wide with this tag