Supply-Chain Businesses Hire Storm Botnet for Illegal Drug Sales

IronPort Systems, a provider of software security solutions, on June 11, 2008, announced that a new research has detected a connection between the malware originators like the Storm worm, and illegal pharmaceutical business chains that hire botnets for sending spam that advertise their Websites.

These illegal chains of suppliers are transforming spam into high-priced drug purchases and this way they are allowing the spamming botnets to be traded, and also motivate bot herders for profits.

The botnets are distinct as they link spam campaigns to the latest events or popular Websites, using a combination of the Web and e-mail to propagate. In addition, these highly coordinated and decentralized attacks facilitate a range of online assaults, including e-mail spam, blog spam, and attacks through phishing, distributed denial-of-service (DDoS) and instant messaging (IM).

Vice President of Technology at IronPort and also a Cisco fellow, Patrick Peterson said that a research done by them has found that Storm or any other botnet generates spam and commissions orders, which the illegal supply chains fulfil, generating earnings beyond $150 Million in a year, as reported by Earthtimes on June 11, 2008.

Further, according to Researchers at IronPort, over 80% of Storm botnet spam promotes pharmacy brands. This spam is distributed from millions of PCs that have been infected by the Storm worm via various Web-based exploits and advanced social engineering tactics.

Meanwhile, sophisticated botnets are operating together with manual and automated Captcha-cracking systems that create free and large number Webmail accounts. Subsequently, the botnets send out the spam from these accounts and the recipients believe that the e-mails arrived from a genuine ISP's e-mail server rather than the botnet.

Further investigations indicated that spam formats, Website designs, "spamvertized" URLs, product fulfillment, payment card processing and customer support were all provided by the Russian criminal syndicate that operates together with the Storm botnet. This syndicate hires botnet-spamming partners to promote their fake pharmacy Websites in return for a 40% commission when sales orders materialize.

Hence, IronPort suggested that to prevent botnet spam, the use of spam filters is one of the most essential measures.

» SPAMfighter News - 6/30/2008