"I guess it's the logical thing to do," said Jay Heiser, research director at analysts Gartner. "If customers have access to information from ISPs that can be used to re-route emails through them, then it only makes sense."
The trojan works by sending spam via the mail server of the infected computer's registered ISP. Blocking spam coming from ISPs is difficult unless sophisticated content filtering is implemented, so the technique could herald a major rise in spam.
"Over the last few months ISPs have responded to the problem of zombie networks sending spam by blocking port 25 [the port through which emails from personal computers are sent]," said Paul Wood, chief information security analyst at secure messaging firm MessageLabs.
"What this trojan does is to figure out the host from the ISP, so it's not specifically dumb robots sending spam but the ISPs themselves."
Comcast was one of the providers that blocked port 25, a move that immediately reduced spam traffic. Now it and many other ISPs are under threat from the new spamming technique.
Earlier this year US ISP Verizon came under attack for its brute blocking of port 25, refusing to accept emails sent from Europe. "Sometimes these policies just don't work," said Wood.