Compromised PCs used for massive xenophobic spam run

Internet service providers in New Zealand and around the world are battling to stem a deluge of spam with xenophobic content in German. The messages attack asylum seekers as well as eastern European and Balkan immigrants to Germany. Some messages contain links to German-language xenophobic Web sites.

It is believed that the spam avalanche was triggered by the European Union elections to be held this Sunday.

The spam is being sent out via a large “zombie army” of compromised and remotely controlled PCs. Spam samples seen by Computerworld arrived via Xtra dial-up accounts. However, reports on the New Zealand Network Operators’ Group mailing list indicate that compromised systems belonging to Internet Service Provider (ISP) customers nationwide have been involved in the spam run.

Brenden Philips, mail administrator at Palmerston North ISP Inspire Net, said that as of about 1 p.m. yesterday most New Zealand ISPs have reported seeing an increasing rate of German spam messages.

He added that “the flow of messages into Inspire Net’s mail servers started quite heavily and has ramped up to about 8000 messages per hour that are being blocked by our content filters this morning.”

The version of the Trojan Horse used to compromise the machines is unknown, but Philips said “We have seen a 65 per cent drop off in Sober.G virus infected mails in the same period which could mean that the spam is being generated by machines compromised by that family of viruses.”

Microsoft New Zealand platform strategy manager Brett Roberts says the spam attack was due to “a certain number of home PC users who are immune to the ‘Protect Your PC’ message.”

“No matter how easy we make it to patch and how much noise we make about firewalls, there still seem to be people who don’t care or understand enough to make their PC safe from exploitation,” Roberts says. “Microsoft needs to find a way to get the message through to these people.”

Roberts also felt that “ISPs could do a lot with regard to this problem.”

“I’m sure that telcos would consider disconnecting the phone lines of people who attach non-compliant equipment to them but we don’t see the same level of rigor applied to people attaching ‘rogue devices’ to the internet,” says Roberts.

A Telecom spokesman says there has been no impact on the network from the wave of spam.

“There are no reports from the helpdesk of unusual customer complaints with this one.”
