
Are You Helping a Spammer?

Bad guys can hijack your PC and use it to transmit trash with impunity.

You're a responsible citizen, right? You wouldn't offer a lift to a fleeing bank robber. You wouldn't share inside information about your company with a stock-speculating domestic goddess. You probably wouldn't even help a slumping big leaguer cork his bat.

But you may be unwittingly helping spammers fling their annoying and often obscene come-ons all around the Internet. And the danger isn't just that you're helping to perpetuate some get-rich-quick scams--you may also get saddled with loads of problems if a junk mailer successfully sets up shop inside your PC.

According to many experts, it's fast becoming standard operating procedure for spammers to "hijack" unsuspecting users' PCs and steal their hardware and network resources to send unsolicited e-mail. The practice is "absolutely epidemic," says Robert Arnold, an abuse investigator at EarthLink. "We block thousands of [hijacked PCs] that are generating spam every day. And when it does happen, most [victims] are completely unaware that anything's wrong."

Spammers aren't the only culprits, either: Researchers recently said that hackers were using similar hijacking techniques to use innocent people's PCs for hosting pornographic Web sites.

Spammers get into people's systems by exploiting holes in the intricacies of network settings that few users worry about. The wrongdoers may find these vulnerabilities already in existence on your system, or they may get you to download a virus that creates a security breach in your PC. Antivirus researchers, for instance, say this summer's Sobig virus was likely created by spammers as a way to gain access to people's machines. Once spammers locate or create a hole, they're in business. And while your machine is sending out thousands of bogus stock tips or invitations to view bizarre versions of animal husbandry, you may notice nothing more than a slight slowdown in your Internet connection.

Covering Their Tracks

What's in it for spammers? Protection against efforts to shut them down. As the pressure to stop unsolicited messages increases, ISPs are closing spammers' accounts more quickly. So spammers are routing their e-mail through computers owned by unsuspecting Net users, making it almost impossible to track down and stop the real "herbal Viagra" sellers.

Though the junk mailers get a new lease on life, the people whose systems they use get nothing but trouble. You could end up on a blacklist and have your legitimate e-mail messages blocked by ISPs trying to stop the spread of spam. You'll probably get a stern talking-to from your ISP and have to change some network settings to safeguard your system. And it's possible your system could be damaged by the spammer's use of your network, processor, and drives.

In many cases, spammers gain access to individual systems by taking advantage of open relays or open proxies, which are basically security vulnerabilities in your mail server or in the software that allows several PCs to share an Internet link. Here's how open relays and proxies work:

When you send e-mail on a secure mail server, such as that of an established ISP, the server checks your password or IP address to make sure you're an authorized user before sending your mail. In an open relay (also known as a third-party or insecure relay), the mail server will process any e-mail message, regardless of whether it's to or from an authorized user. A spammer who acquires the IP address of an insecure mail server can simply tell the server to send junk to any user on any mail server at any domain.

Most users don't have to worry much about open relays, as long as they're using an established ISP with secure servers. If you're not sure about your service provider, check its Web site or contact the support department; ISPs should always provide publicly accessible policies that outline their security precautions.

But if either you or your business is running its own mail server, you could be at risk of having an open relay. Check with the maker of your mail server software to be sure that your server is properly and securely configured.

Proxy Danger

Proxies are most often found in academic networks or in a home or small-office system with a broadband connection. Proxy software allows PCs within a network to share an Internet connection and be recognized with the same IP address. Open proxies, though, will accept and process requests from users outside the network they serve--putting out the welcome mat for spammers who want to hide their true IP address.

If you use Windows Internet Connection Sharing, or if you share your broadband connection via a standard gateway from a company such as D-Link or Netgear, you probably have no cause for concern. Open proxies generally result from having a proxy application, such as AnalogX Proxy, that has not been properly configured. Unless you are an experienced network administrator, it isn't always clear how to secure such software so that it will allow connections only from local network users.
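The relay and proxy rules described above, as an added example that is not part of the original article: a mail server should relay for outsiders only when the message is for a mailbox it hosts, and a connection-sharing proxy should serve local clients only. The network range, domain names and session records are constructed assumptions.

```python
import ipaddress

# Assumed values for illustration: the local network and the hosted domain.
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("127.0.0.0/8")]
LOCAL_DOMAINS = {"example.org"}

def is_local(client_ip):
    """True when the connecting address belongs to a network this host serves."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in LOCAL_NETS)

def rcpt_domain(rcpt):
    return rcpt.rsplit("@", 1)[-1].lower()

def relay_decision(client_ip, authenticated, rcpt, open_relay=False):
    """Decide whether the mail server accepts one recipient.
    open_relay=True models the misconfiguration: every message is processed."""
    if open_relay:
        return "accept"
    if rcpt_domain(rcpt) in LOCAL_DOMAINS:
        return "accept"   # inbound mail for a mailbox hosted here
    if authenticated or is_local(client_ip):
        return "accept"   # authorized user sending outbound mail
    return "reject"       # outsider to outsider: third-party relaying denied

def proxy_decision(client_ip, open_proxy=False):
    """A connection-sharing proxy should serve local clients only."""
    return "accept" if open_proxy or is_local(client_ip) else "reject"

def audit(sessions, open_relay):
    """Recipients that an outside, unauthenticated client managed to relay to."""
    return [s["rcpt"] for s in sessions
            if relay_decision(s["ip"], s["auth"], s["rcpt"], open_relay) == "accept"
            and not s["auth"] and not is_local(s["ip"])
            and rcpt_domain(s["rcpt"]) not in LOCAL_DOMAINS]

# Constructed sample sessions using documentation address ranges, not real traffic.
SESSIONS = [
    {"ip": "192.168.1.20", "auth": False, "rcpt": "friend@example.net"},
    {"ip": "203.0.113.9",  "auth": True,  "rcpt": "friend@example.net"},
    {"ip": "198.51.100.7", "auth": False, "rcpt": "staff@example.org"},
    {"ip": "198.51.100.7", "auth": False, "rcpt": "victim@example.com"},
]

if __name__ == "__main__":
    for mode in (True, False):
        print("open relay" if mode else "secured", audit(SESSIONS, mode))
```

Only the last session is third-party relaying; the open configuration accepts it and the secured one rejects it while still delivering the other three.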

Spammers don't need to be particularly savvy to find open relays and proxies: Plenty of readily available scanners and automated applications do nothing but scour the Web looking for openings. These tools enable a spammer to effortlessly get all the information necessary to infiltrate someone's machine.

As if that were not enough, however, some spammers now gain access to PCs by duping users into installing virus-laden applications through peer-to-peer file-sharing sites such as Kazaa. These viruses can install open proxies on otherwise secure systems and set up e-mail generators that surreptitiously exploit the victim's resources to foist a steady stream of spam on other people.

Most users learn that their systems have been invaded only if their ISP traces the spam back to their computer and notifies them. EarthLink's Arnold says most hijack victims are surprised to hear that they've been targeted, but readily cooperate to close security holes.

In an effort to tighten security, some ISPs, such as the broadband provider Road Runner, routinely do probes of subscribers' connections, attempting to identify network holes and vulnerabilities. While you probably don't need to fret about Road Runner techies getting access to your personal information via a probe, there's something unnerving about the idea of your ISP actively trying to find a way into your hard drive--even in the name of keeping the troublemakers out.

Probes, whether they're from the good guys or the bad guys, won't be a problem if you make certain your system is secure. Suppose you have a home office with DSL or cable modem broadband access and a wireless network. You use spam filters, regularly update your virus protection software, and even have a firewall to protect your network. Does that mean you're safe from spammers and their nefarious deeds? Not necessarily, according to Arnold. "Home network security is like a sieve, and there are a lot of infected computers out there. Spammers are constantly disguising their tools and rotating locations. In this Internet climate, you should always be vigilant."

Stay current with all available vendor security patches, especially for your operating system and browser; security experts say that you can avoid most network intrusions by installing updates when they become available. (For news on the latest security holes and patches, read Bugs and Fixes each month.)

As always, be extremely discerning about opening e-mail file attachments. If you use a file sharing application, you're playing with fire--be extra cautious when downloading files, and limit the directories you share. (See this month's Privacy Watch for tips on sharing files safely.)

And finally, if you're serving as your own network administrator and aren't sure about whether your security settings are sufficient, consult an expert. Web sites such as Mail Abuse Prevention System have tools to test your system for security glitches and offer advice on how to beef up your settings.

To learn more about controlling spam and protecting yourself against hijackers, visit the Coalition Against Unsolicited Commercial Email, Junkbusters, or spam.abuse.net. You'll be helping yourself--and maybe just about everyone else who has an e-mail in-box.

Anne Kandra is a contributing editor for PC World. E-mail her at consumerwatch@pcworld.com.


©2009 About.com, a part of The New York Times Company.

All rights reserved.