Davey Winder's Blog

Botnet spam tricks are bad for business

By Davey Winder in Editorial

Posted in Spam on October 22, 2006 at 3:29 pm

Look out folks, the SpamThru Trojan, which has been out in the wild for some months, has just got even more dangerous, or so my security vendor research lab insiders tell me, and it was already one mean mother. The latest version of the thing has all the trappings of being backed by one of the better funded criminal gangs; it is no script-kiddie concoction, that is for sure, despite being based on an already existing exploit.

Indeed, it uses pirated copies of Kaspersky Lab AV software to clean the machines it infects, and so gets rid of competing infections that would otherwise use CPU resources it wants total ownership of. One really cannot help having just the slightest tinge of admiration for the pond-life that come up with these things, purely from the devious-use-of-technology perspective of course. These guys figured out that by using the same API that is embedded within the WinGate proxy software they could get the Kaspersky engine to do their dirty work for them. The code being developed now is not the typical back-bedroom spotty oink stuff of a few years back, but of a quality right up there with games developers, application software developers and the like. Indeed, one has to suspect that talented coders are making the conscious decision to take the dark-development route, most likely spurred on by a hefty financial incentive.

Indeed, SpamThru is so clever that it actually encrypts all the spam message templates it distributes to the bot network, and even uses a fully custom P2P protocol for inter-bot communication. This allows it to avoid the problem that some spam botnets encounter when a central control server is knocked out of play: SpamThru can simply and quickly push new control server details to every bot over the P2P network.

So should you be worried? You betcha. Ignore the small size of the botnet as it stands currently, which I am led to believe is between 2000 and 3000 bots; it is the technology being used that concerns me and should concern you. Add to this the fact that some researchers are pointing to links between these small botnets and a much larger controlling botnet in the background. Spam is big business that is bad for your business, that is the bottom line. But it is likely to be the smaller business that gets infected, as enterprise-level protection should kick SpamThru out of the field before it could do any damage. By forcing host based firewalls to click through
