Welcome Guest. | Log In| Register | Membership Benefits
  • Email this page E-mail this page
  • |  Print Print this page
  • |   Bookmark and Share

CNN, Olympics Spam Put Botnet in First Place

Rustock botnet edges Srizbi as number one spamming botnet, according to Marshal's TRACE team

Aug 07, 2008 | 02:55 AM

By Kelly Jackson Higgins
DarkReading

A spam run that featured phony CNN headlines and Olympics “news” over the past few weeks has helped propel the Rustock botnet to become the world’s largest spamming botnet, according to researchers.

Rustock beat out the Srizbi botnet, which as of May was pumping out over 55 percent of all spam, according to Marshal’s TRACE team. Last week, 31.1 percent of all spam was sent by the Rustock botnet, versus 30.7 percent from Srizbi. And thanks mostly to Rustock’s rise, malicious spam rose from three percent to 32.3 percent of all spam, according to Marshal.

“As time has gone on, the criminals behind Rustock have adjusted the appearance and sophistication of their messages to become more convincing at fooling recipients into infecting themselves,” said Phil Hay, lead threat analyst for Marshal’s TRACE team. “As Rustock has infected more machines, it has enabled the botnet to send more and more spam. These two factors have combined to push Rustock into first place and the volumes of malicious spam in circulation through the roof.”

The fake news spam from Rustock began in late June, and was fairly rudimentary and easily spotted as spam, but later evolved into more sophisticated messages with headline links that led to fake codec updates laden with a Trojan. This week, Rustock sent a spam run that convincingly copied CNN’s format, with messages of a “CCN.com Daily Top 10” list of headlines, including topics on the Olympics.

But Rustock’s method of infection was basically the same: a phony video that prompts the victim to update the codec. The executable file is the bot malware that recruits another machine for its botnet army.

— Kelly Jackson Higgins, Senior Editor, Dark Reading

  • Marshal Inc.


    • Subscribe to RSS










    Bugs
    ENTERPRISE VULNERABILITIES
    Vulnerability:suse linux
    Published:2010-01-22
    Severity:High
    Description:SUSE Linux Enterprise 10 SP3 (SLE10-SP3) configures postfix to listen on all network interfaces, which might allow remote attackers to bypass intended access restrictions.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:The URL validation functionality in Microsoft Internet Explorer 7 and 8 does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
    Vulnerability:bind
    Published:2010-01-22
    Severity:Medium
    Description:ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before 9.5.2-P2, 9.6 before 9.6.1-P3, and 9.7.0 beta does not properly validate DNSSEC (1) NSEC and (2) NSEC3 records, which allows remote attackers to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-2530 and CVE-2009-2531.
    Vulnerability:ie
    Published:2010-01-22
    Severity:High
    Description:Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246.


    Briefing Centers
    POWERFUL INFORMATION
    AT YOUR FINGERTIPS
    (SPONSORED LINKS)