- Impact
- 1
SAN FRANCISCO, California (Reuters) -- Close to 2,000 Windows-based PCs with high-speed Internet connections have been hijacked by a stealth program and are being used to send ads for pornography, computer security experts warned.
It is unknown exactly how the so-called "Trojan" program is spreading to victim computers around the world, whose owners most likely have no idea what is happening, said Richard M. Smith, a security consultant in Boston.
Security provider Network Associates rated the trojan a low risk since it did not appear to be more widespread and was not harming the victim computers.
Trojan programs are typically spread via e-mail viruses and can also sneak onto computers through Web browsers when surfing, he said.
Turning PCs into proxy servers
The trojan, dubbed "Migmaf" for "migrant Mafia," turns the victim computer into a proxy server which serves as a sort of middle man between people clicking on porn e-mail spam or Web site links, according to Smith.
It allows the victim computer to fetch porn Web ads from an undisclosed server and pass the ads on to other computers either through an e-mail spam or a Web browser.
The victim computer acts as a "front" to the porn Web site, enabling the porn Web servers to hide their location, Smith said.
PayPal scam may be related
The scam also is believed to be responsible for a PayPal scam discovered last week designed to collect credit card information from people who filled in a form they received via e-mail purporting to be from Web payment provider PayPal, Smith said.
Smith said he suspects whoever is responsible for the Migmaf scam may be in Russia because some e-mail addresses involved in the scheme go back to Russian servers and there are other Russian language references in some domain names that are involved.
Get behind a firewall
Broadband Internet users should always use firewalls to block such stealth activity, he said.
Computers with updated anti-virus software will also be protected, said Lisa Smith, a product manager for Network Associate's McAfee consumer division.
In addition, there is software designed to specifically block trojan-type programs, like BBX Technologies' ImmuneEngine.
It is unknown exactly how the so-called "Trojan" program is spreading to victim computers around the world, whose owners most likely have no idea what is happening, said Richard M. Smith, a security consultant in Boston.
Security provider Network Associates rated the trojan a low risk since it did not appear to be more widespread and was not harming the victim computers.
Trojan programs are typically spread via e-mail viruses and can also sneak onto computers through Web browsers when surfing, he said.
Turning PCs into proxy servers
The trojan, dubbed "Migmaf" for "migrant Mafia," turns the victim computer into a proxy server which serves as a sort of middle man between people clicking on porn e-mail spam or Web site links, according to Smith.
It allows the victim computer to fetch porn Web ads from an undisclosed server and pass the ads on to other computers either through an e-mail spam or a Web browser.
The victim computer acts as a "front" to the porn Web site, enabling the porn Web servers to hide their location, Smith said.
PayPal scam may be related
The scam also is believed to be responsible for a PayPal scam discovered last week designed to collect credit card information from people who filled in a form they received via e-mail purporting to be from Web payment provider PayPal, Smith said.
Smith said he suspects whoever is responsible for the Migmaf scam may be in Russia because some e-mail addresses involved in the scheme go back to Russian servers and there are other Russian language references in some domain names that are involved.
Get behind a firewall
Broadband Internet users should always use firewalls to block such stealth activity, he said.
Computers with updated anti-virus software will also be protected, said Lisa Smith, a product manager for Network Associate's McAfee consumer division.
In addition, there is software designed to specifically block trojan-type programs, like BBX Technologies' ImmuneEngine.
