Spammers are now said to be routing massive amounts of unwanted e-mail through their Internet service providers' computers, rather than sending it directly from individual machines, a technique that may negate anti-spam blacklists and could cripple electronic communication, according to such analysts as anti-spam group Spamhaus.
Spam is now estimated at 75 percent of all e-mail traffic coming into most ISP mail servers, and until now it was usually from one of two kinds of sources – the spammers themselves, or hijacked proxy computers, both of which can be blocked efficiently, Spamhaus said February 3. Not so with routing it through their ISPs' computers, the group said, and not with America Online saying that over 90 percent of its incoming spam is coming from other ISP relays.
"This change in proxy-spam activity is caused by new versions of the stealth proxy spam software ('spamware') released by proxy spammers," Spamhaus said, "software specially written to take control of private computers, usually those on the world's broadband networks, and to use them to send out spam for pornography or illegal drugs from without the PC owner's knowledge or permission, by acting as an anonymous 'proxy' for the spammer."
The new versions of these proxy spamwares are believed to have been released by Russian programs operating in the United States, Spamhaus said, and they instruct the hijacked proxy to send out the spam by way of the proxy computer's upstream ISP.
"From what we've seen, the volumes of this type of spam are going up dramatically," Spamhaus Project chief Steve Linford told reporters. "We're really looking at a bleak thing" unless ISPs counterattack, he added.
America Online reportedly saw this new spam flushing technique as early as fall 2003, but has had a difficult time convincing people that it's serious.
One of the software programs believed to be deeply responsible for the new spam technique is Send-Safe. Its own Website describes it as "a bulk e-mail software program based on a unique know-how sending technology. It provides real anonymous instant delivery – you can use your regular Internet connection because your IP address will never be shown in the e-mail headers. Send-Safe performs e-mail validation and displays delivery statistics in real time, which gives you the ability to evaluate the quality of your mailing lists. Send-Safe mailing software is free of charge. Our pricing is based on the number of e-mails you send over a given period of time."
Spamhaus said Net registration records show the Send-Safe site registered to a Florida company, and hosted online by MCI division UUNet Technologies. Linford told reporters Spamhaus has asked MCI to yank the Send-Safe site because the software has a reputation as a prime spam tool developed by "a notorious spammer," but MCI has countered that UUNet leases the Internet address to a company that hosts the site – and that MCI has no desire to censor Internet content, unless it violated MCI anti-spam policy.
The "notorious spammer" in question turns out to be Ruslan Ibragimov, a Russian who is known to operate in or through the U.S., and whose products have been chased off at least a few ISPs in the past few years. Ibragimov is listed on Spamhaus's Registry of Known Spam Operations, a listing the group makes only when a spammer has been terminated by at least three ISPs for spam.
