Post by ironman on May 9, 2005 21:13:46 GMT 1
Spam blacklist targets Telewest
By Mark Ward
Technology Correspondent, BBC News website
Viruses and worms have hijacked the home PCs
Almost one million net addresses owned by UK cable firm Telewest have been blacklisted by an anti-spam group.
The Spam Prevention Early Warning System blacklisted the addresses because many of the machines using them have been hijacked by spammers.
The army of remotely-controllable machines have probably been recruited by viruses and worms.
Telewest said it knew about the problem and was working with customers to regain control of their home computers.
Home invasion
The blacklists produced by the Spam Prevention Early Warning System (Spews) are used by many organisations as a way to filter e-mail.
When an e-mail message arrives, the net address it is sent from is checked against the list. The message is blocked and deleted if it has been sent from a known spam address.
This blocking by net address has become more important as malicious hackers and cyber criminals have started recruiting home PCs to act as proxies and send out spam on their behalf.
We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task
Telewest statement
Some of the so-called zombie armies can include thousands of machines.
PCs on broadband connections are coveted by spammers as they tend to stay online longer and have more bandwidth to use for sending mail.
In late April, Spews announced that it had started blocking more than 900,000 net addresses used by Telewest's Blueyonder broadband service. Many were suspected of being used by spammers.
In a statement Telewest said: ""We are aware of the increase in e-mail volumes due to customers' PCs which have been infected by worms and viruses."
Telewest blamed recent virus outbreaks for the sudden rise in the number of hijacked home PCs.
"We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task," it said.
Telewest also said it was working on a more permanent solution to problem by installing security systems within its network.
It added that later this year it will also make a package of PC protection measures available to Blueyonder customers.
Big problem
Blacklists were a very blunt tool to tackle the problem of zombie computers, said Matt Peachey, European director of Ironport software which monitors net addresses to spot which ones have been hijacked by spammers.
Mr Peachey said Spews tended to block big chunks of net addresses rather than the few within that range that are actually spamming.
"I would challenge the idea that all the net addresses they are blocking are spamming," he said.
Spammers tended to frequently change the PCs they use to send junk mail, said Mr Peachey, which can mean lists go out of date quickly.
Ironport's own statistics, gathered on its Senderbase website, show that currently more than 16,000 computers on the Telewest network had an e-mail engine installed.
Most of those were likely to be hijacked home PCs, said Mr Peachey, because officially Telewest only runs nine servers that route e-mail for its customers.
One hijacked PC on the Telewest network was sending out more than 100,000 e-mail messages per day, he said.
Many other net service firms were struggling to control the armies of hijacked PCs on their networks, according to Mr Peachey.
By Mark Ward
Technology Correspondent, BBC News website
Viruses and worms have hijacked the home PCs
Almost one million net addresses owned by UK cable firm Telewest have been blacklisted by an anti-spam group.
The Spam Prevention Early Warning System blacklisted the addresses because many of the machines using them have been hijacked by spammers.
The army of remotely-controllable machines have probably been recruited by viruses and worms.
Telewest said it knew about the problem and was working with customers to regain control of their home computers.
Home invasion
The blacklists produced by the Spam Prevention Early Warning System (Spews) are used by many organisations as a way to filter e-mail.
When an e-mail message arrives, the net address it is sent from is checked against the list. The message is blocked and deleted if it has been sent from a known spam address.
This blocking by net address has become more important as malicious hackers and cyber criminals have started recruiting home PCs to act as proxies and send out spam on their behalf.
We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task
Telewest statement
Some of the so-called zombie armies can include thousands of machines.
PCs on broadband connections are coveted by spammers as they tend to stay online longer and have more bandwidth to use for sending mail.
In late April, Spews announced that it had started blocking more than 900,000 net addresses used by Telewest's Blueyonder broadband service. Many were suspected of being used by spammers.
In a statement Telewest said: ""We are aware of the increase in e-mail volumes due to customers' PCs which have been infected by worms and viruses."
Telewest blamed recent virus outbreaks for the sudden rise in the number of hijacked home PCs.
"We are currently contacting affected customers to help them clean their PCs which, as you can imagine, is a time-consuming task," it said.
Telewest also said it was working on a more permanent solution to problem by installing security systems within its network.
It added that later this year it will also make a package of PC protection measures available to Blueyonder customers.
Big problem
Blacklists were a very blunt tool to tackle the problem of zombie computers, said Matt Peachey, European director of Ironport software which monitors net addresses to spot which ones have been hijacked by spammers.
Mr Peachey said Spews tended to block big chunks of net addresses rather than the few within that range that are actually spamming.
"I would challenge the idea that all the net addresses they are blocking are spamming," he said.
Spammers tended to frequently change the PCs they use to send junk mail, said Mr Peachey, which can mean lists go out of date quickly.
Ironport's own statistics, gathered on its Senderbase website, show that currently more than 16,000 computers on the Telewest network had an e-mail engine installed.
Most of those were likely to be hijacked home PCs, said Mr Peachey, because officially Telewest only runs nine servers that route e-mail for its customers.
One hijacked PC on the Telewest network was sending out more than 100,000 e-mail messages per day, he said.
Many other net service firms were struggling to control the armies of hijacked PCs on their networks, according to Mr Peachey.
