Over a thousand unsuspecting Netizens have had their computers hijacked by hackers using them for porn sites, and they're not likely to have suspected as much unless they're "technologically sophisticated," the New York Times reported this week.
"The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers," the Times said, adding that the program only briefly downloads the porn and is both invisible to the user and doesn't harm or disturb the computer's operation.
"Here people are sort of involved in the porno business and don't even know it," said independent computer researcher Richard M. Smith to the Times, after he spotted the problem earlier in July. Smith believes hackers in a ring directing the traffic to the hijacked computers might be traceable to Russian spammers who cloak their identities, hide behind a ring of machines, and thus duck Internet service providers getting complaints about the porn, the Times continued.
"Why don't (more) people have firewalls," said Videosecrets's Greg Clayman, reacting to the Times story, raising the question about the most effective protection against this kind of attack. "You can get a firewall for under $200 these days, and you're talking about computer equipment that's a reasonably priced piece of equipment.
"What these hackers do is they keep pinging and they're set up to keep pinging servers across a wide-area network and if they find a ping if they can actually get in that server's identified as a usable server," Clayman continued. "That's how they know which ones can be used and which ones can't be used."
Homegrown Video chief Spike Goldberg concurred. "It's a sad state of affairs in today's computer world, but you have to have some sort of diligence to know you can be a target the moment you go on the Internet." Both men said it was critical for computer users to do what they could to mask their Internet protocol addresses in the presence of these and similar computer attacks.
"It's becoming not so much more of a problem as it's becoming more of a recognized problem," Clayman said. "This kind of activity has been going on for years. Now it's becoming more noteworthy or noticeable."
The ring of hijackers also uses the "stolen" computers for spam and possibly credit and other personal information mining, the Times said, adding that several analysts fear the possible future uses of this kind of hijacking – like child porn.
"There's no individual computer to shut down," Smith told the paper. "We're dealing with somebody here who is very clever." The Times went on to say, however, that this version of the ring isn't entirely anonymous, "since the hijacked machines download the pornographic ads from a single Web server," said to be owned by Everyones Internet, a Houston independent which also offers Web host services.
Everyones Internet vice president of operations Jeff Lowenberg told the Times he wasn't aware of illegal activity on any of his company's computers, but the company will investigate. An unnamed Justice Department official told the Times the hack ring could be violating two provisions minimum of the federal Computer Fraud and Abuse Act.
"Neither Mr. Smith nor Mr. Stewart has found a simple way to tell whether a computer is infected," the Times said. "Technically, the rogue program is a reverse proxy server, which turns a computer into a conduit for content from a server while making it appear to be that server. Mr. Smith said when word of the program gets out, antivirus companies are likely to offer quick updates to their products to find and disable the invasive software."
The "rogue program" reportedly doesn't affect Macintosh computers or machines running Unix or its variants, the paper said.
