This story was printed from ZDNet Australia.
AU white-lists used to spam US ISPs

By Patrick Gray
October 13, 2003
URL: http://www.zdnet.com.au/news/security/soa/AU-white-lists-used-to-spam-US-ISPs/0,130061744,120279598,00.htm


Offshore spammers are targeting Australian broadband users in order to exploit their ISPs' white-list arrangements with large U.S.-based ISPs.

Telstra BigPond users have been among those targeted. BigPond customers who install insecure mail server software -- which is configured by default to allow spammers to relay their messages -- have been used as a foothold for spammers to get onto the BigPond network. Once they've taken over the user's machine they can access the BigPond mail servers, just as Telstra's own customers can.

A spokesperson for Telstra said its servers are appealing to spammers because U.S.-based ISPs such as AOL are configured to always allow mail from BigPond servers.

"Spammers who find broadband vulnerabilities can utilise the BigPond relays in certain instances... and take advantage of BigPond white-listing agreements," the spokesperson told ZDNet Australia.

The technique is nothing new, according to SpamTrap's operations manager Michael Herman. Spammers would rather set vulnerable mail servers that are configured to act as open relays to send messages through BigPond's mail servers -- the practice makes it virtually impossible for ISPs receiving the spam to simply drop all messages originating from the telco's mail systems.

"There's less motivation to block Telstra's mail servers because it will hurt their customers more," Herman said.

By mixing their spam with as much legitimate traffic as they can, spammers make it harder for the recipients to filter the good from the bad. If the spammer simply uses the vulnerable open relay as a one-stop spam relay, then network operators can just blacklist that machine's IP address and the spam will be rejected, he said.

BigPond isn't the only Australian ISP to be targeted. "Has it happened at other ISPs? Definitely," Herman added.

In response to these types of spamming techniques, Telstra scans its customers for vulnerable open-relay configurations. If it finds one, it contacts the customer and instructs them on tightening up their security.
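
The open-relay check described above comes down to one question: does the server accept a recipient in a domain it is not responsible for? The following is an added example, not code from the article or from Telstra; it classifies recorded probe sessions, and every host name, address and transcript in it is constructed.

```python
import re

# Constructed probe transcripts: "C:" is the scanner, "S:" the server under test.
# All hosts and addresses are reserved example names, not values from the article.
OPEN = """S: 220 mail.customer.example ESMTP
C: HELO probe.isp.example
S: 250 mail.customer.example
C: MAIL FROM:<probe@outside.example>
S: 250 OK
C: RCPT TO:<sink@elsewhere.example>
S: 250 OK
C: RSET
S: 250 OK"""
CLOSED = OPEN.replace("S: 250 OK\nC: RSET",
    "S: 550-5.7.1 Relaying denied\nS: 550 5.7.1 Not a local recipient\nC: RSET")
GREYLISTED = OPEN.replace("S: 250 OK\nC: RSET", "S: 451 4.7.1 Try again later\nC: RSET")
LOCAL_ONLY = OPEN.replace("sink@elsewhere.example", "user@customer.example")

def classify(transcript, local_domains):
    """Return 'open-relay', 'closed', 'inconclusive' or 'not-tested'."""
    verdict = "not-tested"
    pending = None  # domain of the RCPT TO that is still awaiting its reply
    for line in transcript.splitlines():
        side, _, text = line.partition(": ")
        if side == "C":
            m = re.match(r"RCPT TO:\s*<[^@>]+@([^>]+)>", text, re.I)
            pending = m.group(1).lower() if m else None
        elif side == "S" and pending is not None:
            m = re.match(r"(\d{3})(-?)", text)
            if not m or m.group(2) == "-":
                continue  # "550-..." is a continuation line; wait for the final one
            if pending not in local_domains:  # only foreign recipients test relaying
                if m.group(1)[0] == "2":
                    # Accepted at RCPT time. Some servers still reject after DATA,
                    # so treat this as a candidate to confirm with the customer.
                    return "open-relay"
                verdict = "closed" if m.group(1)[0] == "5" else "inconclusive"
            pending = None
    return verdict

def scan(sessions, local_domains):
    """Classify several recorded sessions against the same local-domain list."""
    return {name: classify(t, local_domains) for name, t in sessions.items()}

if __name__ == "__main__":
    sessions = {"open": OPEN, "closed": CLOSED,
                "greylisted": GREYLISTED, "local-only": LOCAL_ONLY}
    for name, verdict in scan(sessions, {"customer.example"}).items():
        print(f"{name:11} {verdict}")
```

A 4xx reply is reported as inconclusive rather than closed because a temporary failure says nothing about relay policy, and a session that only offered a local recipient is reported as not tested.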

"Proactive checking and shutting down of open-relay and BigPond customers who are using the system fraudulently ensures we remain off the blacklisting sites," the spokesperson said.

Telstra has found itself on the wrong side of an AOL list before. In April this year the company's mail servers were black-listed by the U.S. giant. Telstra at the time believed the action wasn't deliberate but the result of a mistake on the part of AOL.
