Spam: Cloaking Device Made for Spammers (Wired).
‘Try to find the real IP,’ he said. ‘This host is in rackshack.net, the
most antispam ISP.’ A traceroute to the site indicated that it was being
hosted on a computer apparently using cable modem service from Comcast.
It’s using DNS trickery and a set of reverse proxies. This is standard
practice among a small number of the upper echelon of spammers these days.
Of course, many of the techniques used to do this — such as the
subversion of Wintel PCs on cable modem networks — are highly illegal, so
the spammer/crackers are heading deep into jail-time territory.
I’m really posting this because of
this entry at Boing Boing, in which Cory notes: ‘I’m pretty skeptical
about the untraceability of these systems — I suspect that rather, they
are resistant to some tools, not resistant to others, and not hard to
write new tools to uncover.’
They’re untraceable from where we’re standing — these are compromised
machines. The only way to trace from that machine onwards is for
the abuse staff of those machines’ ISPs to help out, or to get hold
of the machine itself. This is not so easy — which is why the spammers
do it.
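To make the "what we can see from where we're standing" point concrete, here is an added example (mine, not from the post or from the Wired article) of the defender-side check an abuse desk would run against a spamvertised hostname: resolve it repeatedly, and look at whether the addresses it hands back are numerous, short-lived and scattered across unrelated networks, which is what a front of rotating reverse proxies on hijacked consumer hosts looks like from outside. Everything below is constructed for the example: the hostname, the TTLs and the addresses (all drawn from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24) are not real observations, and the thresholds in `looks_proxied` are assumptions you would tune against your own resolver logs.

```python
"""Heuristic for spotting a hostname fronted by rotating reverse proxies.

Added example; all DNS observations here are CONSTRUCTED, not data from the
post. In practice you would collect them by resolving the hostname every few
minutes with a resolver library and recording the answers and their TTLs.
"""
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Lookup:
    """One snapshot of an A-record lookup: the TTL served and the answers."""
    host: str
    ttl: int
    addrs: tuple


# Constructed: a spamvertised host resolved five times, ten minutes apart.
# Low TTL, a fresh batch of addresses almost every time, spread over three
# unrelated /24s -- the signature of a proxy front on scattered machines.
FLUX_OBSERVATIONS = [
    Lookup("spamvertised.example", 300, ("203.0.113.10", "203.0.113.44", "198.51.100.7")),
    Lookup("spamvertised.example", 300, ("203.0.113.44", "192.0.2.88", "198.51.100.120")),
    Lookup("spamvertised.example", 300, ("192.0.2.88", "203.0.113.201", "198.51.100.9")),
    Lookup("spamvertised.example", 300, ("203.0.113.201", "192.0.2.17", "198.51.100.66")),
    Lookup("spamvertised.example", 300, ("192.0.2.17", "203.0.113.3", "198.51.100.150")),
]

# Constructed: an ordinary site on two stable addresses with a day-long TTL.
STABLE_OBSERVATIONS = [
    Lookup("ordinary.example", 86400, ("192.0.2.1", "192.0.2.2")),
    Lookup("ordinary.example", 86400, ("192.0.2.1", "192.0.2.2")),
    Lookup("ordinary.example", 86400, ("192.0.2.1", "192.0.2.2")),
]


def summarize(observations):
    """Reduce a series of lookups to the figures the heuristic cares about."""
    seen = Counter()
    for obs in observations:
        seen.update(obs.addrs)
    distinct = len(seen)
    # Churn: share of addresses that showed up in only one snapshot.
    churn = sum(1 for n in seen.values() if n == 1) / distinct
    # How many distinct /24 networks the front ends are scattered over.
    networks = {ip_network(f"{a}/24", strict=False) for a in seen}
    return {
        "ttl_min": min(obs.ttl for obs in observations),
        "distinct": distinct,
        "churn": churn,
        "networks": len(networks),
    }


def looks_proxied(summary, max_ttl=600, min_distinct=5, min_churn=0.5):
    """Assumed thresholds: short TTL, many addresses, most of them transient."""
    return (
        summary["ttl_min"] <= max_ttl
        and summary["distinct"] >= min_distinct
        and summary["churn"] >= min_churn
    )


def run_demo():
    """Return the verdict for both constructed hosts."""
    return {
        obs[0].host: looks_proxied(summarize(obs))
        for obs in (FLUX_OBSERVATIONS, STABLE_OBSERVATIONS)
    }


if __name__ == "__main__":
    for host, flagged in run_demo().items():
        print(f"{host}: {'rotating proxy front' if flagged else 'stable hosting'}")
```

The point the check makes is the same one the post makes: a positive result tells you the addresses you can see are front ends, not the origin. Everything behind them (the machine actually serving the pages) is reachable only through the abuse staff of the ISPs whose customers those front ends are, so the output of a tool like this is the start of an abuse report, not the end of a trace.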
(I would have posted this as a comment on BB!, but they’ve stopped
accepting comments, as noted previously. grr)
Anyway. As time goes on, the development of Wintel spamware-installing
worms, and hands-on cracking
of Unix servers to install trojans (PDF), is becoming more and more
common. There’s definitely an increasing crossover between spammers,
virus-writers and crackers, as the Wired News article notes.
This is very much illegal activity under existing computer crime laws, and
much more serious than whatever the anti-spam legislation out there
considers spamming to be. Maybe the big spammers are going increasingly
‘all-out’, given that the lawmakers are finally giving the anti-spam laws
some teeth…
Tags: boing, cable, cloaking, computer, device, machine, modem, spam, spammers, wintel, wired