NY Times Documents Consumer and Small Business Role in SPAM
The New York Times reports that many consumers and small businesses with insecure computers on broadband connections unwittingly serve as relays for SPAMmers. It is somewhat surprising that the Times laid so much of the blame for Internet insecurity on so many users in the North America and Europe, when it's so easy to cite poorly-configured servers in some Asian countries known for lax computer security procedures.
Yet, the Times says that a major part of the open relay problem is caused by the insecure configuration of client-level proxy servers such as AnalogX Proxy. According to the aricle:
AnalogX Proxy, a free proxy-server program that has been downloaded by more than a million people, is automatically in the open state when it is first installed. Mark Thompson, the author of AnalogX, said he had rebuffed the requests of many antispam activists to distribute the software with the security features already activated because doing so would make it harder to set up.
"The biggest plug for the proxy is it is really easy to get it running," he explained. Mr. Thompson said he did try to achieve a compromise by revising the program to give people a warning about security problems every time it starts.
Even so, Wirehub, a Dutch Internet service provider, says that 45,000 of the 150,000 open proxy servers it has identified as sending spam appear to be using AnalogX.
The idea that a Dutch ISP has 150,000 open proxy servers ought to scare people to death. Then again, how many open wireless LANs are there in densely populated areas of the Netherlands?
Open wireless LANs, in the hands of the right people, are just as dangerous as open proxy servers. The big difference is that the abuser needs to be physically near the WLAN access point.