I harp a lot on the need to keep your PC patched and updated. Most folks wouldn’t drive their car without changing the oil regularly, but when it comes to keeping their PC patched and their virus scanner software up to date they seem to think it’s not important. These days, however, the danger goes beyond just the possibility that your PC might get wiped out by a virus. Key logging software and Trojans of all sorts are waiting to gain a foothold on your PC. You’ve all heard of how thousands of infected PCs are commonly used to launch denial of service attacks against various websites. Now some hackers have figured out they can make some money by helping spammers make their websites “invisible” to attempts to track them down. They’re accomplishing this with PCs that have been “hijacked” in a manner similar to methods used for DNS attacks.
The beauty of invisible hosting, according to Tubul, a representative of the Polish group who would not provide his full name, is that the untraceable site can even be located on servers operated by major Web hosting firms with tough antispam policies.
When asked on an online chat for a demonstration of the stealth hosting service, Tubul provided the address of a website selling generic Viagra and other drugs.
“Try to find the real IP,” he said. “This host is in rackshack.net, the most antispam ISP.”
A traceroute to the site indicated that it was being hosted on a computer apparently using cable modem service from Comcast.
“Fake,” said Tubul.
Indeed, when a traceroute to the site was performed moments later, it appeared to be hosted on a computer with a DSL connection from Verizon.
Another site, hosted by the Polish group, offers free credit consultations. Traceroutes to the site, removeform.com, also provided ever-changing results, ranging from a computer connected to a DSL line in Israel to another provided by EarthLink. However, the title of the site’s home page consistently read “Yahoo Web Hosting,” suggesting it was actually located on a server run by the Internet giant.
According to Tubul, his group controls 450,000 “Trojaned” systems, most of them home computers running Windows with high-speed connections. The hacked systems contain special software developed by the Polish group that routes traffic between Internet users and customers’ websites through thousands of the hijacked computers. The numerous intermediary systems confound tools such as traceroute, effectively laundering the true location of the website. To utilize the service, customers simply configure their sites to use any of several domain-name system servers controlled by the Polish group, Tubul said.
Folks, if you’re running Windows and you’re not visiting Windows Update on a regular basis (at least monthly) then you’re leaving yourself wide open to having your PC used for all manner of nefarious purposes. You should also have a current virus scanner installed that automatically updates on its own. Ideally, if you’re using broadband, a firewall package installed on your PC would be nice as well, but at a minimum, visits to Windows Update and a good virus scanner will do wonders to ensure you’re not part of the problem.
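For anyone watching this from the network side, the ever-changing results described in the quoted article can be spotted by logging what a hostname resolves to over time. The sketch below is an added example, not code from the article or from the group it describes. It assumes the rotation shows up as changing DNS answers, and every domain, IP address and network label in it is a constructed placeholder.

```python
from collections import defaultdict

# Constructed observations: (domain, minute, resolved_ip, network_label).
# IPs come from documentation ranges; domains and network labels are placeholders.
OBSERVATIONS = [
    ("pills.example", 0, "192.0.2.10", "cable-isp-a"),
    ("pills.example", 5, "198.51.100.7", "dsl-isp-b"),
    ("pills.example", 10, "203.0.113.44", "dsl-isp-c"),
    ("pills.example", 15, "192.0.2.200", "cable-isp-a"),
    ("pills.example", 20, "198.51.100.91", "dsl-isp-d"),
    ("shop.example", 0, "203.0.113.5", "hosting-co"),
    ("shop.example", 5, "203.0.113.6", "hosting-co"),
    ("shop.example", 10, "203.0.113.5", "hosting-co"),
    ("shop.example", 15, "203.0.113.6", "hosting-co"),
    ("blog.example", 0, "192.0.2.80", "hosting-co"),
    ("blog.example", 20, "192.0.2.80", "hosting-co"),
]

def summarize(observations, window=30):
    """Per domain: most distinct IPs and networks seen inside any `window`-minute
    span, plus the share of consecutive lookups whose answer changed."""
    by_domain = defaultdict(list)
    for domain, minute, ip, network in observations:
        by_domain[domain].append((minute, ip, network))
    report = {}
    for domain, rows in by_domain.items():
        rows.sort()
        max_ips = max_nets = start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1  # slide the window forward
            span = rows[start:end + 1]
            max_ips = max(max_ips, len({r[1] for r in span}))
            max_nets = max(max_nets, len({r[2] for r in span}))
        changes = sum(a[1] != b[1] for a, b in zip(rows, rows[1:]))
        rate = changes / (len(rows) - 1) if len(rows) > 1 else 0.0
        report[domain] = {"ips": max_ips, "networks": max_nets, "change_rate": rate}
    return report

def flag_rotating(observations, window=30, min_ips=4, min_networks=3):
    """Round-robin hosting also changes answers often, so require many networks."""
    report = summarize(observations, window)
    return sorted(d for d, s in report.items()
                  if s["ips"] >= min_ips and s["networks"] >= min_networks)

if __name__ == "__main__":
    for domain, stats in sorted(summarize(OBSERVATIONS).items()):
        print(domain, stats)
    print("flagged:", flag_rotating(OBSERVATIONS))
```

The thresholds are illustrative defaults. The sample shows why answer churn alone is a poor signal: the round-robin site changes its answer on every lookup yet stays inside one hosting network, while the rotating site hops between unrelated access providers.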