IE 11 is not supported. For an optimal experience visit our site on another browser.

Spam-sending PCs could be kicked offline

Nation's largest ISPs announce set of radical spam solutions, including cutting off Internet users who are unknowingly sending out unwanted e-mails.

On a day when a spam-fighting firm revealed it had discovered a disturbing new tactic used by spammers, the nation's largest ISPs announced a set of radical spam recommendations, including cutting off Internet users who are unknowingly sending out unwanted e-mails.

Both events highlight the increased use of hijacked home computers by those who seek to distribute unwanted e-mail marketing pitches.

On Tuesday, a consortium calling itself the Anti-Spam Technical Alliance -- including industry heavyweights America Online, Microsoft, Yahoo, and Earthlink -- announced a set of recommendations for all Internet providers to help fight spam. The suggestions include cutting off e-mail access to Internet users when their computers are hijacked and used to send spam.

About a year ago, spammers en masse began taking advantage of hijacked home computers to send their e-mails. Now, according to spam fighting firm, nearly two-thirds of all spam is sent via such computers. AOL says the number is even higher -- perhaps 9 in 10 spams come from so-called "zombie" machines.

The move by the Anti-Spam Technical Alliance might be seen as drastic in some quarters, since it could effectively cut off thousands or even millions of Internet users who unknowingly have Trojan horse programs on their machines which can be used to send out spam.

Realistically, Internet providers couldn't do that -- they'd be flooded with customer service phone calls, said Brian Czarny, spokesman for MessageLabs.  The firms will likely limit outgoing e-mails to 100 or 500 per day, then send a message to users saying they must clean up their machines before they can send more e-mail.

Personalized spam
Meanwhile, researchers at MessageLabs have discovered a small but growing new trend among spammers -- highly targeted e-mail marketing messages, designed by watching recipients via some kind of spyware. In one example Czarny cited, a spammer actually lifted a daughter's name from a Net user's computer, then turned around and sent a spam with a subject line referencing the daughter. In another example, Web users who recently surfed travel sites received only travel-related spam.

"What they are doing is, spammers are becoming more like traditional marketers," Czarny said. "They are adding personalization into the spam messages they send. ... Adding your daughter's name to the subject line is likely to get you to open up the message."

Spammers can either trick consumers into installing spyware on their machines, or use existing spyware, he said. A recent Earthlink survey indicated that 1 in 3 computers on the Internet had some kind of spyware installed.

Controversial proposal
The Anti-Spam Technical Alliance also proposed several measures designed at more accurately identifying the real sender of e-mails. Since obscuring return address in e-mails is common, it's easy for spammers to hide behind technology.

But the noisiest recommendation had to do with limiting the number of e-mails users could send, or cutting off their ability to send e-mail all together, if they are found to be sending spam. AOL officials defended the radical suggestion.

“It’s much the way a credit-card company would look for ... suspicious spending on your credit card and either contact you or secure your account immediately,” Carl Hutzler, director of anti-spam operations at AOL, told Reuters.

Earthlink chief architect Robert Sanders said the company was doing consumers a favor by shutting off their e-mail, because their computers are already infected with a malicious program.

"It's slowing your machines down and jeopardizing your ability to send e-mail," he said. "This announcement is great news for consumers."

Earthlink users who are cut off are notified electronically by the company, he said. In one practice being tested, the next time they log on, users are only able to view a single Earthlink Web page that describes the unhealthy condition of their computer, and provides links to software that will clear up the problem.

Reuters contributed to this report.