Subscribe to RSS News Feed
About Spamhaus  |  Press Office  |  FAQs   
Increasing Spam Threat from Proxy Hijackers

2005-02-03 23:15:00 UTC, by Steve Linford
Recent News Articles

Network Hijacking on the Rise

Subscription Bombing: COI, CAPTCHA, and the Next Generation of Mail Bombs

More Domain Stats: The 10 Most Abused Registrars

SBL/ZEN DNS lookups to return DROP/eDROP status

Spamhaus Presents: The World's Worst Top Level Domains

Verizon Routing Millions of IP Addresses for Cybercrime Gangs

Brazilian internet users suffer SoftLayer's security fail

Network under attack? You might be surprised where that's coming from!


Older News Articles:
Spamhaus News INDEX

Spam, now at 75% of all email traffic arriving at most ISPs mail servers, has come mainly from two types of source - either sent directly by the spammer, or sent by the spammer through a hijacked computer (proxy). For most anti-spam systems these two sources have been relatively easy to deal with, as they can both be efficiently blocked.

But sources are changing, and with them spam volumes. Over the last few months a number of major email services reported to Spamhaus that the source of their incoming spam was changing and they were seeing far more spam coming directly from the major mail relays of other ISPs. AOL, one of the first to notice the change months before others, now reports that over 90% of its incoming spam comes directly from other ISP mail relays.

This change in proxy-spam activity is caused by new versions of the stealth proxy spam software ("spamware") released by proxy spammers, software specially written to take control of private computers, usually those on the world's broadband networks, and to use them to send out spam for pornography or illegal drugs from without the PC owner's knowledge or permission, by acting as an anonymous "proxy" for the spammer. New versions of proxy spamware packages released by Russian spammers operating in the US now have a feature which instructs the hijacked proxy to send the spam out via the mail relay of the ISP the proxy is downstream of.

Spamhaus sees this change and the increase in spam it is producing as a threat to be taken seriously. At the current pace of ever-incrementing spam levels Spamhaus predicts that by mid-2006 spam could reach 85% of all email traffic and we would at that stage begin to see visible signs of a slow meltdown of some email delivery systems caused by overloaded email queues and stressed spam filters.

We are now increasing our efforts to tackle the vendors of illegal proxy hijacking software, and those who knowingly host them, and advising mail services to take protective measures to avoid or lessen the problem, such as, 1) Throttle the outgoing mail from IPs of broadband customers, 2) Separate the incoming and outgoing SMTP servers, 3) Mandate email authentication (SMTP-AUTH) for all customers.



------
Update: 2005-02-04 20:10:41
NB: Contrary to a press article which reported erroniously that we had stated that the world's email delivery system is "about to collapse" (a misquote based on which a number of 'competitive' security solutions vendors including spam filter firm Postini then jumped in to criticize what they didn't realize wasn't correct), we stress that - as our article states above - Spamhaus states we see the rise in spam and change in spam source as a threat which, if not acted on, would in a year's time begin to cause email delivery problems. Collapse? Certainly not. Serious threat? Certainly.


Spamhaus Information

Press Office
Spamhaus News Index
Spamhaus in the media
About Spamhaus
Spamhaus Official Statements
Article Information

Permanent link to this news article:
Increasing Spam Threat from Proxy Hijackers
https://www.spamhaus.org/news/article/156/increasing-spam-threat-from-proxy-hijackers

Subscribe to RSS News Feed
Spamhaus News Quotes

Permission to quote from or reproduce Spamhaus News articles is granted automatically providing you state the source as Spamhaus and link to the news record.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy