Skip to content


Spammer ‘Cloaking Devices’

Spam: Cloaking Device Made for Spammers (Wired).

‘Try to find the real IP,’ he said. ‘This host is in, the most antispam ISP.’ A traceroute to the site indicated that it was being hosted on a computer apparently using cable modem service from Comcast.

It’s using DNS trickery and a set of reverse proxies. This is standard practice among a small number of the upper echelon of spammers these days.

Of course, many of the techniques used to do this — such as the subversion of Wintel PCs on cable modem networks — are highly illegal, so the spammer/crackers are heading deep into jail-time territory.

I’m really posting this because of this entry at Boing Boing, in which Cory notes: ‘I’m pretty skeptical about the untraceability of these systems — I suspect that rather, they are resistant to some tools, not resistant to others, and not hard to write new tools to uncover.’

They’re untraceable from where we’re standing — these are compromised machines. The only way to trace from that machine onwards, is for the abuse staff of those machines’ ISPs to help out, or to get hold of the machine itself. This is not so easy — which is why the spammers do it.

(I would have posted this as a comment on BB!, but they’ve stopped accepting comments, as noted previously. grr)

Anyway. As time goes on, the development of Wintel spamware-installing worms, and hands-on cracking of Unix servers to install trojans (PDF), is becoming more and more common. There’s definitely an increasing crossover between spammers, virus-writers and crackers, as the Wired News article notes.

This is very much illegal activity under existing computer crime laws, and much more serious than whatever the anti-spam legislation out there considers spamming to be. Maybe the big spammers are going increasingly ‘all-out’, given that the lawmakers are finally giving the anti-spam laws some teeth…