Consumer Watch: Are You Helping a Spammer?

Proxy Danger

Proxies are most often found in academic networks or in a home or small-office system with a broadband connection. Proxy software allows PCs within a network to share an Internet connection and be recognized with the same IP address. Open proxies, though, will accept and process requests from users outside the network they serve--putting out the welcome mat for spammers who want to hide their true IP address.

If you use Windows Internet Connection Sharing, or if you share your broadband connection via a standard gateway from a company such as D-Link or Netgear, you probably have no cause for concern. Open proxies generally result from having a proxy application, such as AnalogX Proxy, that has not been properly configured. Unless you are an experienced network administrator, it isn't always clear how to secure such software so that it will allow connections only from local network users.

Spammers don't need to be particularly savvy to find open relays and proxies: Plenty of readily available scanners and automated applications do nothing but scour the Web looking for openings. These tools enable a spammer to effortlessly get all the information necessary to infiltrate someone's machine.

As if that were not enough, however, some spammers now gain access to PCs by duping users into installing virus-laden applications through peer-to-peer file-sharing sites such as Kazaa. These viruses can install open proxies on otherwise secure systems and set up e-mail generators that surreptitiously exploit the victim's resources to foist a steady stream of spam on other people.

Most users learn that their systems have been invaded only if their ISP traces the spam back to their computer and notifies them. EarthLink's Arnold says most hijack victims are surprised to hear that they've been targeted, but readily cooperate to close security holes.

In an effort to tighten security, some ISPs, such as the broadband provider Road Runner, routinely do probes of subscribers' connections, attempting to identify network holes and vulnerabilities. While you probably don't need to fret about Road Runner techies getting access to your personal information via a probe, there's something unnerving about the idea of your ISP actively trying to find a way into your hard drive--even in the name of keeping the troublemakers out.

Probes, whether they're from the good guys or the bad guys, won't be a problem if you make certain your system is secure. Suppose you have a home office with DSL or cable modem broadband access and a wireless network. You use spam filters, regularly update your virus protection software, and even have a firewall to protect your network. Does that mean you're safe from spammers and their nefarious deeds? Not necessarily, according to Arnold. "Home network security is like a sieve, and there are a lot of infected computers out there. Spammers are constantly disguising their tools and rotating locations. In this Internet climate, you should always be vigilant."

Stay current with all available vendor security patches, especially for your operating system and browser; security experts say that you can avoid most network intrusions by installing updates when they become available. (For news on the latest security holes and patches, read Bugs and Fixes each month.)

As always, be extremely discerning about opening e-mail file attachments. If you use a file sharing application, you're playing with fire--be extra cautious when downloading files, and limit the directories you share. (See this month's Privacy Watch for tips on sharing files safely.)

And finally, if you're serving as your own network administrator and aren't sure about whether your security settings are sufficient, consult an expert. Web sites such as Mail Abuse Prevention System have tools to test your system for security glitches and offer advice on how to beef up your settings.

To learn more about controlling spam and protecting yourself against hijackers, visit the Coalition Against Unsolicited Commercial Email, Junkbusters, or spam.abuse.net. You'll be helping yourself--and maybe just about everyone else who has an e-mail in-box.