Cloaking Devices Aid Spammers

Cory Kincaid
In an unholy marriage between hackers and junk email spammers, any hope of putting a stop to the senseless bombardment of email spam could be a losing battle, thanks to the persistent ingenuity of the hacker community.

The newest byproduct to emerge from this lesser-known aspect of the Internet is stealth hosting, or cloaking, a system that is ideal for making the origin of spam activity nearly invisible to the online community. Cloaking enables some of the more black-market spam entities to be virtually untraceable by authorities, anti-spam vigilante groups, ISPs, and web hosting companies.

With the aid of hackers, who ride the constantly evolving wave of Internet technology, a new generation of identity-less spammers is being born, and both sides are profiting hugely, according to industry experts. And as high-speed Internet connections continue to proliferate throughout the world, it is getting even easier for hackers to hijack hosted websites.

Because of this new alliance between spammers and hackers, anti-spam advocates might find themselves unable to lessen the amount of spam circulating through the Internet. From the hacker/spammer perspective, the marriage is made in heaven because it gives spammers the ability to set up untraceable websites on hacker-controlled networks and hijacked PCs.

In most cases, spam cloaking, or stealth hosting, services hack into web host servers and create an invisible veil over the spammer's website that even the host or ISP cannot track down, no matter how 'anti-spam' that particular ISP might be.

According to SEGuru founder Daron Babin, who deals mainly with search engine cloaking: "Technology for manipulating surfers is continuing to evolve, and the control that webmasters can have with cloaking technology to either hide their deceptive practices, or to protect their integrity and hard work, acts as a double-edged sword and should be wielded very carefully," he told XBiz.

The U.K.-based Spamhaus Project defines spam as email content that the recipient receives without granting verifiable permission for the message to be sent to his/her email browser.

"To be spam, a message must be sent unsolicited and bulk. Unsolicited email is normal email (first contact inquiries, job inquiries, sales inquiries, etc.). Bulk email is normal email (newsletters, discussion lists, etc.). Only the combination of unsolicited and bulk email is spam," Spamhaus said.

Before this new trend took hold, spam product emails could often be identified by the IP address attached to the spammer's website. Hosting companies could then be alerted to what the website owner was up to and shut them down.

And while many ISPs and web hosting companies have their own anti-spam rules, some more strict than others, the ability for spammers to cloak their existence on the web has created a virtual underworld of untraceable IP addresses.

In many regions of the world, especially Poland, the Soviet Union, and other European countries, hackers are profiting hugely by making their cloaking services available to the worldwide circuit of spammers.

In June of this year, CircleID writer and security expert Richard M. Smith reported that more than 1,000 home computers had been hijacked by hackers, installed with a new Trojan horse program, and used to host a large number of small websites soliciting spam.

According to Stewart: "To make it more difficult for these websites to be shut down, a single home computer is used for only 10 minutes to host a site. After 10 minutes, the IP address of the website is changed to a different home computer. The hacker is able to do this quick switching because he has installed DNS name servers for his domains on other home computers under his control."
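The rotation described above leaves a recognizable trail in DNS answers. The following is an added example, not part of the original article: a detector that flags hostnames whose address changes every few minutes and lists the name servers seen for them. The log format, hostnames, addresses and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

MAX_DWELL = 15 * 60   # assumed threshold: typical address lifetime in seconds
MIN_ADDRESSES = 4     # assumed threshold: distinct addresses before flagging

def build_sample():
    """Constructed passive-DNS log: (unix_time, hostname, rtype, value)."""
    log = []
    for i in range(7):  # one hour, sampled every 10 minutes
        t = 1_000_000 + i * 600
        log.append((t, "pills.example", "A", f"198.51.100.{10 + i}"))
        log.append((t, "pills.example", "NS", f"ns{i % 2 + 1}.flux.example"))
        log.append((t, "shop.example", "A", "192.0.2.80"))
        log.append((t, "shop.example", "NS", "ns1.hoster.example"))
    return log

def address_runs(log, host):
    """Collapse a host's A answers into runs: [(ip, first_seen, last_seen)]."""
    runs = []
    for t, name, rtype, value in sorted(log):
        if name != host or rtype != "A":
            continue
        if runs and runs[-1][0] == value:
            runs[-1] = (value, runs[-1][1], t)   # same address, extend the run
        else:
            runs.append((value, t, t))           # address changed, new run
    return runs

def is_rotating(log, host):
    """True when the host cycles through many addresses with short dwell times."""
    runs = address_runs(log, host)
    if len({ip for ip, _, _ in runs}) < MIN_ADDRESSES:
        return False
    # Dwell time = gap between the start of one run and the start of the next.
    dwells = [nxt[1] - cur[1] for cur, nxt in zip(runs, runs[1:])]
    return median(dwells) <= MAX_DWELL

def report(log):
    """Map each rotating hostname to the name servers observed for it."""
    name_servers = defaultdict(set)
    for _, name, rtype, value in log:
        if rtype == "NS":
            name_servers[name].add(value)
    hosts = sorted({name for _, name, rtype, _ in log if rtype == "A"})
    return {h: sorted(name_servers[h]) for h in hosts if is_rotating(log, h)}

if __name__ == "__main__":
    print(report(build_sample()))
```

Load balancers and content delivery networks also rotate addresses quickly, so a hit is a lead for review; the name servers in the report are what an abuse desk or blocklist maintainer would follow up on.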

In the case of search engine cloaking, webmasters can keep the prying eyes of the World Wide Web away from their optimized code while at the same time optimize for different search engine spiders that crawl the web looking for search results.

"Cloaking allows you to control the look and feel of the way any given spider perceives your site," SEGuru's Daron told XBiz. "Meaning, my website could deliver numerous different index pages to numerous different search engines while the end user sees only what the webmaster wants them to see."

"Coming from a certain destination, search engine cloaking can be used as a marketing tool, but at the same time its original intention is to hide highly optimized html code from competing websites while handing that optimization to a search engine spider," Daron told XBiz.

According to Spamhaus Project, there is still a glimmer of hope in slowing down the growing trend in spam cloaking by applying a diligent tracking and blacklisting system of DNS name servers.

The Spamhaus Block List (SBL) is a free, real-time DNS-based database of IP addresses belonging to verified spam sources (including spammers, spam gangs and spam support services). SBL is designed to help email administrators better manage incoming email streams.

According to Spamhaus, more than 90 percent of the world's bulk spam email originates in the U.S.

Former California Gov. Gray Davis recently signed the nation's most far-reaching anti-spam law that bans most types of unsolicited commercial email, targets both the spam senders and the companies that advertise with them, and provides penalties of up to $1 million.