Stay on top of the latest tech news with our free IT News Digest newsletter, delivered each weekday.
Automatically sign up today!


Dan Ilett

Special to CNET

Antispam nonprofit group The Spamhaus Project has accused United States-based Internet service provider MCI of hosting a Web site that distributes malicious software used by spammers.

In an article published on its Web site last Friday, Spamhaus alleged that the telecommunications giant’s servers are home to the Web site of a “bulk mailing” program called Send-Safe.

Spamhaus said Send-Safe takes remote control of broadband computers. This enables spammers to use these compromised machines, or “zombies,” as proxy servers to send mass e-mails without the computer owners’ knowledge. This can let a spammer evade spam blacklists.

“This, for Spamhaus, is the crux of the spam problem,” the report said. “Because MCI WorldCom not only knows they are hosting the Send-Safe spam operation, MCI’s executives know uses the MCI network to sell and distribute the illegal Send-Safe proxy hijacking bulk mailer, yet MCI has been providing service to for more than a year.”

However, MCI has denied that it hosts the Send-Safe Web site, saying instead that the company’s site is hosted by a company leasing a line from MCI.

“I’m familiar with the allegations,” said Timothy Vogel, director of MCI’s technology and network legal team. “Every Internet provider has spammers on its network. If they send spam, that’s a violation of policy, and we would take action to take them down.

“At this moment we have no complaints of Send-Safe sending spam. Send-Safe certainly could be used for illegal purposes. But if someone used a crowbar to burgle a house, you don’t arrest the hardware store. We take the allegations very seriously.”

Security experts at MessageLabs confirmed that the Send-Safe program is malicious. According to MessageLabs, Send-Safe is behind a recent spate of spam attacks on ISP mail servers. It added that the program is able to manipulate any computer infected with versions of the Sobig, Sober and MyDoom viruses, using them to send spam via an ISP’s mail server to avoid being blocked by a blacklist of domain names used by known spammers.

“There’s a new version of Send-Safe affecting anything with blacklisting capability,” said Mark Sunner, chief technology officer of MessageLabs. “Are we going to see more spam because of this? Yes. I don’t want to be accused of scaremongering, but we are,” he said.

“Here we have a brilliant example of how spammers have found a way of getting around filtering,” Sunner added. “You can bet your life that service providers are seeing a big increase in traffic on their mail servers.”

Spamhaus said new versions of Send-Safe are being released using the same time frame as new Sobig virus variants, suggesting a link between the program and the virus.

Dan Ilett of ZDNet UK reported from London.