Munir Kotadia
ZDNet UK
December 03, 2003

PCs that have been compromised by Trojans are being used by spammers to relay vast amounts of email and avoid detection.

One third of all spam circulating the Web is relayed through PCs that have been compromised by Remote Access Trojans (RATs), according to corporate spam and antivirus company, Sophos.

Graham Cluley, a senior technology consultant for Sophos, said on Wednesday that the increasing use of broadband Internet connections and a general lack of security awareness have resulted in around one in three spam emails being redirected through the computers of unsuspecting users. "There are lots of people on cable modems and broadband connections that haven't properly secured their computer. They don't know it, but their PC is being used as a relay for sending spam to thousands and thousands of other people. We believe that 30 percent of all spam is being sent from compromised computers," he said.

Cluley said that if a RAT is able to get into a PC, an attacker could take full control of that PC, as long as it is connected to the Internet. "They can steal information, read files, write files, send emails from that users name -- it is as though the attacker has broken into the office or home and is sitting in front of that computer," he said.

There is also very little chance that the PC's owner will have any idea their system is being used by a third party, said Cluley, who warned that an attacker could remove any traces of their activity, so that there would be no obvious record: "It is really just network and Internet bandwidth that is suffering -- there is no permanent record left on the PC that you can look up -- you wouldn't see anything if you checked your Outlook sent items folder," he said.