Aggressive Botnet Activities Behind Spam Increase

An anonymous reader writes, "A spam-sending Trojan dubbed 'SpamThru' is responsible for a vast amount of the recent botnet activity which has significantly increased spam levels to almost three out of every four emails. The developers of SpamThru employed numerous tactics to thwart detection and enhance outreach, such as releasing new strains of the Trojan at regular intervals in order to confuse traditional anti-virus signatures detection." According to MessageLabs (PDF), another contributor to the recent spam increase is a trojan dropper called "Warezov."

Someone's making a lot of money from this

[ShaunC]

I think the Securities and Exchange Commission may turn out to be the most appropriate investigative body for SpamThru and its controllers.

Like many others, SpamThru first showed up on my radar a few weeks ago when a massive pump-and-dump stock spam campaign flooded the inboxes of just about everyone who uses email. They're still at it today, now pumping for ticker EGLY. There's no doubt in my mind that it's the same group of folks responsible for the initial run. All of these spam runs are coming solely through botnets, and the messages - and patterns of messages - share some obvious characteristics.

SpamThru and the recent barrage of stock scams are inextricably linked, I have no doubt about it. If and when the SEC investigates suspicious trading activity surrounding some of these stocks, they're likely to discover a trail that leads them straight to the folks responsible for SpamThru.

Re:Someone's making a lot of money from this

[isometrick]

Hmmm...

Hot Stocks-Investor ALERT!!!
SYMBOL: MSFT
Timing is everything!
Profits of 300-400 % EXPECTED
TRADING SYMBOL: MSFT
Opening Price: $28.93
10 Day Target: $66.66

Hold On Here

[eldavojohn]

Now, I know what you're going to say, you're going to say this is a dupe of last week's story, Bot Nets Behind Recent Spam Surge, but it's not. You see, this is Aggressive Botnet Activities Behind Spam Incease. And it's no longer recent--it's a week old.

So you can call this a dupe, but as you can see, this has clearly changed status from recent to aggressive. Or maybe like code orange to code red, DHS style.

But please, feel free to karma whore the comments from the old discussion into this one. Seriously, anyone get any new information on this? We've got a named virus but is there anything else new?

enforcement@sec.gov

[RT+Alec]

Forward the message to mailto:enforcement@sec.gov. Use Thunderbird or another mail client that does not strip or mangle the original headers (like Outlook does).

The SEC will devote significant resources investigating and often prosecuting the people who are behind these scams.

Re:enforcement@sec.gov

[XSforMe]

If you are using outlook, you can use OLSpamCop to rescue the headers and report to pretty much anyone any spam (including enforcement@sec.gov). It is a free download available here: http://www.olspamcop.org/doc.shtml#install

But I seriously doubt the SEC will be interested in origin of the SPAM. More likely they will do an audit on the fraudulent symbol. It usually is much more effective than tracing the origin of the spam, and it is more likely asses will get busted and the criminals (the people who proffit from the poor schmucks buying the stock) will get sent to jail.

Nevertheless, if you want to report and spam, use spamcop so we can mitigate the damage done from the source before it pumps more shit onto the net.

Time to pull the plug

[JohnnyGTO]

Its time we force ISPs to pull the plug on infected client machines or block entire ISPs. There is no valid argument to support end users who refuse to clean up their machines. The argument that either they are not responsible for the infection or are unable to clean their own machines is crap. If end users don't know how to maintain their equipment then perhaps they should be off the net.

Look at a car as an example. If I refuse to do or pay for routine maintenance it will begin to create more and more pollution and use more and more fuel. Is it the manufactures job to fix it, no, is it the road builders job, no, is it the jerks that sold me crappy fuel, only if I can catch them. So when I fail smog tests I need to either quit using the car or pay to fix it. Might not be the best analogy.

You ... you ... you COMMUNIST!

[Opportunist]

You mean educate people so they don't fall for scams? So they think for themselves? So they know that offers that are too good to be true can't be true?

Are you nuts? Are you aware that this would mean to the market? People able and willing to compare prices before buying, people having used cars inspected before buying them, people informing themselves about the appliances they buy and who don't blindly believe the ads.

Do you know just how many jobs hang on the fact that 99% of the people around are suckers, incapable of sorting out their own life?

Don't blame the victim!

[NotQuiteReal]

Personally I think the SEC should forcably de-list or begin the de-listing process of any stock that shows up in a SPAM campaign like this.

Um, and do you also think scantilly clad women deserve to get raped?

A pump and dump scheme simply selects a stock with the right combination of price and volume that they think they can manipulate.

Take the EGLY.OB example (heh, it's up 6% right now). It is a low priced (under a dollar) stock, so lots of shares are cheap. It has sufficient volume (100K shares/day) to be useful. If it is too thinly traded you can't accumulate shares on the cheap. If the volume is too high, the market will keep the dumpers shares low.

So, the spammers are doing a buy-low, "advertise" (pump it up), sell-high (dump) campaign. The particular stock selected was probably just a result of a screen for the desired trading properties.

The company whose stock is manipulated (most likely) had nothing to do with it.