Aggressive Botnet Activities Behind Spam Increase
An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signature detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."
I think the Securities and Exchange Commission may turn out to be the most appropriate investigative body for SpamThru and its controllers.
Like many others, SpamThru first showed up on my radar a few weeks ago when a massive pump-and-dump stock spam campaign flooded the inboxes of just about everyone who uses email. They're still at it today, now pumping for ticker EGLY. There's no doubt in my mind that it's the same group of folks responsible for the initial run. All of these spam runs are coming solely through botnets, and the messages - and patterns of messages - share some obvious characteristics.
SpamThru and the recent barrage of stock scams are inextricably linked, I have no doubt about it. If and when the SEC investigates suspicious trading activity surrounding some of these stocks, they're likely to discover a trail that leads them straight to the folks responsible for SpamThru.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
You can't tax Windows users unless you start clamping down on all the open relays and misconfigured email servers. SMTP is broken, and patchwork solutions like SPF are only helping a small amount. There are servers with no reverse DNS, no MX records, all sorts of invalid configurations. As an admin running several mail servers I have to choose between enforcing all the RFCs (and rejecting email from hundreds of legitimate but broken servers) or leaving the door open and being swamped by spam (which is then trapped by processor-intensive sieve, filters, etc). If I turn up the security too high my users start complaining about rejected email from clueless organizations that are running perfectly good Linux/Mac/Windows mail server boxes that are not set up correctly.
IMHO it ultimately comes down to fixing SMTP.
John
"We make our world significant by the courage of our questions and by the depth of our answers." Carl Sagan
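The comment above describes the admin's dilemma: SPF and reverse DNS checks catch some botnet traffic, but a strict policy also rejects mail from legitimately misconfigured servers. The following is an added example (not code from the commenter or from any project named on the page) that evaluates an SPF record against a connecting IP and then applies a graded policy, rejecting only on an explicit SPF "fail" and handing "softfail", "none" and missing-rDNS cases to the content filters instead. All DNS data is a constructed in-memory table so the script runs offline; the domain names and IP addresses are documentation ranges, not real senders.

```python
import ipaddress

# Constructed stand-in for DNS (assumption: no network access). Documentation
# ranges only; none of these names or addresses refer to real mail servers.
FAKE_DNS = {
    "TXT": {
        "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailhost.example -all",
        "_spf.mailhost.example": "v=spf1 ip4:198.51.100.25 ip6:2001:db8::/32 ~all",
        "broken.example": "v=spf1 +all",              # the "clueless" permissive record
        "loop.example": "v=spf1 include:loop.example -all",  # self-referencing include
    },
    "PTR": {
        "192.0.2.10": "mail.example.com",             # host with reverse DNS
        # 198.51.100.25 deliberately has no PTR entry
    },
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10  # guards against include: loops, as RFC 7208 requires


def check_spf(client_ip, domain, dns=FAKE_DNS, depth=0):
    """Return an SPF result string for client_ip sending as `domain`.

    Supports the ip4, ip6, include and all mechanisms with all four
    qualifiers; anything else yields "permerror" so the caller cannot
    mistake an unparsed record for a pass.
    """
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = dns["TXT"].get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # domain publishes no SPF policy at all
    ip = ipaddress.ip_address(client_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # an unqualified mechanism means "pass" on match
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        matched = False
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            matched = ip.version == net.version and ip in net
        elif name == "include":
            sub = check_spf(client_ip, arg, dns, depth + 1)
            if sub == "pass":
                matched = True
            elif sub in ("none", "permerror"):
                return "permerror"
            # fail/softfail/neutral from an include simply do not match
        else:
            return "permerror"  # a, mx, exists, ptr not implemented here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched (RFC 7208 default)


def has_reverse_dns(client_ip, dns=FAKE_DNS):
    """True if the connecting address has a PTR record in the constructed table."""
    return client_ip in dns["PTR"]


def classify_sender(client_ip, mail_from_domain, dns=FAKE_DNS):
    """Graded policy: "reject" only on an explicit SPF fail, "accept" when SPF
    passes and the host has reverse DNS, otherwise "filter" (deliver to the
    content filters rather than bounce a possibly-legitimate but broken server)."""
    spf = check_spf(client_ip, mail_from_domain, dns)
    if spf == "fail":
        return "reject"
    if spf == "pass" and has_reverse_dns(client_ip, dns):
        return "accept"
    return "filter"


if __name__ == "__main__":
    for ip, dom in [("192.0.2.10", "example.com"), ("198.51.100.25", "example.com"),
                    ("203.0.113.5", "example.com"), ("203.0.113.5", "broken.example")]:
        print(ip, dom, check_spf(ip, dom), classify_sender(ip, dom))
```

The `broken.example` record shows why SPF alone helps "only a small amount": a domain that publishes `+all` makes every botnet node a valid sender for it, and the evaluator correctly reports "pass". The policy layer is where the admin's trade-off lives; tightening it to reject on "softfail" or missing rDNS is a one-line change, at the cost the comment describes.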