ISPs crippled by spam bug

US-based internet security researchers have confirmed that a worm is behind the sharp jump in spam activity which has seen Australian telco Telstra's BigPond ISP take a battering. Other major global ISPs are also starting to creak under the pressure.

Symantec's US security team said spammers are using a multitude of Windows systems compromised by the worm to send massive amounts of unsolicited email, clogging the messaging systems of major ISPs across the globe.

Symantec believes a variation of the Randex worm, first discovered in August, has inserted a backdoor Trojan named mprox, discovered 30 September, into a large number of Windows-based systems.

Windows-based systems infected by mprox provide spammers with an open relay or "proxy server" for sending email and other messages.

"Spammers are using these distributed proxy servers to send out massive amounts of spam and we're seeing this in lots of locations - we're seeing heavy traffic," said Vincent Weafer, senior director of Symantec Security Response.

Randex attempts to propagate by seeking out systems near its host and attempting to log in to them using simple passwords. Each system it annexes is infected with the Trojan.

Most varieties of Randex affect Windows 2000, Windows NT and Windows XP systems, and according to security researchers the worm was designed to be controlled remotely through an Internet Relay Chat (IRC) channel.

According to Weafer, ISPs began reporting the surge in unsolicited email last week.

Andrew Colley writes for ZDNet Australia