F-Secure.com
A screen capture of Send-Safe, an easy-to-use spamming tool.
By Bob Sullivan Technology correspondent
msnbc.com
updated 2/3/2005 7:38:12 PM ET 2005-02-04T00:38:12

The most notorious automatic spam-sending software on the Internet has introduced a new feature that stealthily gets around key anti-spam filters.

SendSafe is popular with spammers because it is easy to use. With drag-and-drop bulk e-mailing capabilities, the Windows program can turn anyone into a spammer overnight. SendSafe users "rent" lists of compromised home computers, which are then used as an army of e-mail spam machines. No hard figures are available, but Internet security experts believe that SendSafe and a similar program called Direct Mail Sender are used by a majority of spammers.

Spam fighters beat back these programs by blacklisting the Internet address of infected computers, but it's a tough game of whack-a-mole. Each week, another 100,000 home machine become infected, says Steve Linford, who operates the blacklist organization Spamhaus.org.

But now, SendSafe's authors have installed a new feature that gives spammers another leg up in the spam arms race.

Linford, whose blacklist filters out 8 billion spam e-mails a day, says the feature could render services like his useless -- and severely increase the already overwhelming amount of spam Internet users receive.

The feature allows spammers to make their zombie-sent e-mail appear as if it were sent directly from an Internet service provider's systems. Since it's not feasible to filter out an entire Internet provider's e-mail, the new SendSafe program foils the entire blacklisting system, Linford says.

"Internet users are going to be flooded in spam," Linford predicted. Spam is already about three-fourths of all e-mail, he said.

Internet spam can be filtered at many levels. Most users now have a junk e-mail folder, for example, where their Internet provider deposits messages deemed to be unwanted solicitations.  But the filtering Spamhaus is describing occurs at the network level, which prevents spam e-mail from even getting inside an Internet provider's systems.

Disagreement on severity of the problem
America Online spokesman Nicholas J. Graham said his firm began seeing the tactic back in September 2003, and largely has it under control. But he added that there may be problems for some Internet users.

"It will potentially be a bit of a roller-coaster of a spam ride on certain networks," he said.

However, Mikko H. Hypponen, a spokesman for antivirus firm F-Secure.com, didn't sound the alarm bell quite so loudly.

"The ISP can easily see that the e-mail traffic from a specific user is up 5,000 percent and shut it down," he said. 

Still, Mark Sunner, chief technology officer at e-mail filtering firm MessageLabs, echoed Linford's concern, agreeing that the new spam trick could become a severe problem.

"I wouldn't want to hit the panic button, but this is definitely serious," he said.  "We've seen just in last few weeks a surge of spam coming (using this method)."

Sunner said smart spammers are judicious with their use of hijacked PCs, and often don't send out enough e-mail to call attention to them. Without having to worry about blacklists, spammers will have a much easier time sneaking their e-mails to the Internet, he said.

"In the absence of a decent filtering service, people will feel this," he said. "Going forward, this puts more pressure on ISPs themselves."

© 2013 msnbc.com Reprints

Discuss:

Discussion comments

,

Most active discussions

  1. votes comments
  2. votes comments
  3. votes comments
  4. votes comments