'Zombie PCs' proliferate xenophobic spam deluge

Internet service providers around the world are battling to stem a deluge of spam with xenophobic content written in German.

The messages attack asylum seekers as well as eastern European and Balkan immigrants to Germany. Some messages contain links to German language xenophobe websites.

It is believed that the spam avalanche was triggered by the European Union elections to be held in most of Europe this Sunday.

The spam is being sent out via a large "zombie army" of compromised and remotely controlled PCs. Spam samples seen by Computerworld arrived via Xtra dial-up accounts.

However, reports on the New Zealand Network Operators' Group mailing list indicate that compromised systems belonging to ISP customers nationwide have been involved in the spam run.

Brenden Philips, mail administrator at Palmerston North ISP Inspire Net, said that most New Zealand ISPs have reported seeing an increasing rate of German spam messages.

"The flow of messages into Inspire Net's mail servers started quite heavily and has ramped up to about 8,000 messages per hour that are being blocked by our content filters this morning," he added.

The version of the Trojan Horse used to compromise the machines is unknown, but Philips said, "We have seen a 65% drop off in Sober.G virus infected mails in the same period which could mean that the spam is being generated by machines compromised by that family of viruses."

Microsoft platform strategy manager Brett Roberts said the spam attack was the result of "a certain number of home PC users who are immune to the 'Protect Your PC' message".

"No matter how easy we make it to patch and how much noise we make about firewalls, there still seem to be people who don't care or understand enough to make their PC safe from exploitation," Roberts said. "Microsoft needs to find a way to get the message through to these people."

Roberts also felt that "ISPs could do a lot with regard to this problem".

"I'm sure that telcos would consider disconnecting the phone lines of people who attach non-compliant equipment to them but we don't see the same level of rigour applied to people attaching rogue devices to the internet," said Roberts.

Juha Saarinen writes for Computerworld New Zealand Online
