February 7, 2005 2:45 PM PST

MCI accused of harboring spammers

Antispam nonprofit group The Spamhaus Project has accused United States-based Internet service provider MCI of hosting a Web site that distributes malicious software used by spammers.

In an article published on its Web site last Friday, Spamhaus alleged that the telecommunications giant's servers are home to the Web site of a "bulk mailing" program called Send-Safe.

Spamhaus said Send-Safe takes remote control of broadband computers. This enables spammers to use these compromised machines, or "zombies," as proxy servers to send mass e-mails without the computer owners' knowledge. This can let a spammer evade spam blacklists.

"This, for Spamhaus, is the crux of the spam problem," the report said. "Because MCI WorldCom not only knows they are hosting the Send-Safe spam operation, MCI's executives know Send-Safe.com uses the MCI network to sell and distribute the illegal Send-Safe proxy hijacking bulk mailer, yet MCI has been providing service to Send-Safe.com for more than a year."

However, MCI has denied that it hosts the Send-Safe Web site, saying instead that the company's site is hosted by a company leasing a line from MCI.

"I'm familiar with the allegations," said Timothy Vogel, director of MCI's technology and network legal team. "Every Internet provider has spammers on its network. If they send spam, that's a violation of policy, and we would take action to take them down.

"At this moment we have no complaints of Send-Safe sending spam. Send-Safe certainly could be used for illegal purposes. But if someone used a crowbar to burgle a house, you don't arrest the hardware store. We take the allegations very seriously."

Security experts at MessageLabs confirmed that the Send-Safe program is malicious. According to MessageLabs, Send-Safe is behind a recent spate of spam attacks on ISP mail servers. It added that the program is able to manipulate any computer infected with versions of the Sobig, Sober and MyDoom viruses, using them to send spam via an ISP's mail server to avoid being blocked by a blacklist of domain names used by known spammers.

"There's a new version of Send-Safe affecting anything with blacklisting capability," said Mark Sunner, chief technology officer of MessageLabs. "Are we going to see more spam because of this? Yes. I don't want to be accused of scaremongering, but we are," he said.

"Here we have a brilliant example of how spammers have found a way of getting around filtering," Sunner added. "You can bet your life that service providers are seeing a big increase in traffic on their mail servers."

Spamhaus said new versions of Send-Safe are being released using the same time frame as new Sobig virus variants, suggesting a link between the program and the virus.

Dan Ilett of ZDNet UK reported from London.

1 comment

Join the conversation!
Add your comment
Send-Safe vs. a crowbar
Timothey Vogel at MCI says: "At this moment we have no complaints of Send-Safe sending spam. Send-Safe certainly could be used for illegal purposes. But if someone used a crowbar to burgle a house, you don't arrest the hardware store."
The difference between Send-Safe and a crowbar is that a crowbar has many legal and legitimate uses, but the only use for Send-Safe is spamming. Surely it is obvious to anyone that "bulk email software ... [which provides] anonymous instant delivery" (from <a class="jive-link-external" href="http://www.send-safe.com" target="_newWindow">http://www.send-safe.com</a>) is software designed for use by spammers.
If I may adapt Vogel's analogy, Send-Safe is not a crowbar, it is a burglar's toolkit and instruction book.
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.