The Null Device

Spammer hijacks PHP server

The spammers are getting smarter; they've taken to exploiting security holes in things such as PHP photo gallery scripts and installing custom spam servers on the compromised machines. Here's an article by someone who found his machine sending spam and reverse-engineered the spam daemon (which had been carefully hidden and rather cunningly designed), unearthing a spam operation involving machines in the US, Germany and Russia. The steps in the reverse-engineering are described in the PDF document, along with links to the various tools and kernel patches used.

This makes one wonder: could this be the tip of the iceberg? If this is one of the spam bots that has been found, could there be others even more stealthily hidden? It would theoretically be possible to design one which works as a kernel-module rootkit, invisibly integrating itself into the running Linux kernel and operating without any trace visible from the machine. (Given the Siberian connection, there are probably vast communities of ex-KGB security experts and unemployed engineering PhDs (most of whom play a mean game of chess, too) capable of coding some fiendishly sophisticated exploits, many willing to work for whoever pays in hard currency; and that's only looking at potential talent in Russia; there are certainly enough highly talented programmers out there to write incredibly elaborate and sneaky exploits for the reward of one sucker in 100 million sending their credit card number; how's that for an asymmetric warfare scenario?)

There is 1 comment on "Spammer hijacks PHP server":

Posted by: mitch Thu Oct 9 09:29:13 2003

In *Neuromancer*, the AI of the title begins to assemble its team of hackers by infiltrating the cyber-psychotherapy of ex-Special Forces hero Willis Corto. I now wonder if, rather than emanating from a corporate mainframe, something like this will one day reach out to us from the spam/virus nexus. ILoveYou is a primitive early example. And consider Al Qaeda's website exploits. Long after the human leadership is dead, a worm could keep posting agitprop in hacked websites, keeping the jihad alive.