Recently we had a problem that is typical in this business. One of our wireless sectors has approximately 45 active customers. Suddenly the volume of data flow being transferred to and from the ISP by that sector went up by two-thirds.

Unlike Prodigy, which clamps their more popular speeds to 1 and 2 megabytes, this local ISP provides a certain amount of bandwidth to each sector allowing much better upload and download speeds should there not be any heavy use. But with the volume up considerably, the speeds were down enough that we began to get complaints. The problem was quite easy to identify. The technician/owner of the ISP was able to identify the single account that was using all of this extra bandwidth. He immediately clamped down the connection speed to this account to stop the abuse. At about that same time the 25-year old computer savvy son of the account holders discovered that one of the family computers was infected with a virus and was able to delete the offending program, and thereby solve the bandwidth problem. Once the technician determined that the problem had been solved, the account was unclamped.

I’m guessing here, but looking at the ratio of upload to download from this account, the infected computer was sending out large amounts of spam. An up-to-date antivirus program would have caught this problem.

Earlier that week we had another problem not related to the problem above. We received a call from a client who normally sent out perhaps three e-mails and received less than a dozen per day. That person had received more than 3,000 emails during the last 24 hours all in the form of returned mail from mail servers that received emails sent to an account that was no longer active. The clients didn’t send these emails out, a spammer did. It’s just that the fake return address the spammer used happened to be that of our client.

How did this happen? Most likely a computer that had been taken over by a virus was spreading spam much like the example explained above. Most likely, the virus in this computer entered the infected computer’s email program and randomly selected one of the many email addresses recorded in the infected computer’s email address book and assigned it to the thousands spam emails it sent out. And when a spammer sends out tens of thousands of emails, it’s unsurprising that thousands are wrong and are sent back to the fake return address on the spam email.

The best way to stop these spammers is to make spamming unprofitable by never buying anything advertised by spam again. Also make sure your anti-virus programs are running and up-to-date, making it harder for the spammers to take over your computer.