Does this remind you of Alien?
- More than a thousand unsuspecting Internet users around the world have recently had their computers hijacked by hackers, who computer security experts say are using them for pornographic Web sites.
The hijacked computers, which are chosen by the hackers apparently because they have high-speed connections to the Internet, are secretly loaded with software that makes them send explicit Web pages advertising pornographic sites and offer to sign visitors up as customers.
….The hackers operating the ring direct traffic to each hijacked computer in their network for a few minutes at a time, quickly rotating through a large number. Some are also used to send spam e-mail messages to boost traffic to the sites.
“Here people are sort of involved in the porno business and don’t even know it,” said Richard M. Smith, an independent computer researcher who first noticed the problem earlier this month. Mr. Smith said he thought the ring could be traced to Russian senders of spam, or unwanted commercial e-mail.
By hiding behind a ring of machines, the senders can cloak their identity while helping to solve one of the biggest problems for purveyors of pornography and spam: getting shut down by Internet service providers who receive complaints about the raunchy material.
….The creators of the ring, whose identities are unknown, are collecting money from the pornographic sites for signing up customers, the security experts say. Many companies play this role in Internet commerce, getting referral fees for driving customers to sites with which they have no other connection.
The ring system could also be used by the hackers to skim off the credit card numbers of the people signing up, said Joe Stewart, senior intrusion analyst with Lurhq, a computer security company based in Myrtle Beach, S.C.
….As network administrators have gradually shut down the open relay networks, spam senders have used viruses to plant similar capabilities on home and business computers.
But this appears to be the first viral infection to cause target computers to display whole Web sites, Mr. Smith, the researcher, said.
A Justice Department official said that the computer ring, as described to him, could be a violation of at least two provisions of the federal Computer Fraud and Abuse Act.
The ring has also been used to run a version of a scheme for collecting credit card information from unwary consumers that has been called the “PayPal scam,” Mr. Smith said. The hijacked computers send e-mail messages that purport to come from PayPal, an online payment service owned by eBay, asking recipients to fill out a Web site form with account information. [NY Times]
This PayPal scam has hit me twice now – if you have a PayPal account, do NOT click on the email link. If you have any questions about your account go directly to it via http://paypal.com and verify it that way. And don’t forget Spybot Search and Destroy to eliminate your spyware and recurring popups – I run that about once a week to clear out all the accumulated crap.