Russian Spammers Involved in Building New Botnet for More Attacks
According to the University of Alabama at Birmingham (UAB) Spam Data Mine, the Russian-Georgian Cyber War reached a new height on the morning of August 17, 2008, when over 500 e-mails were received in just 90 minutes at UAB.
The university started receiving poorly crafted e-mails on August 15, 2008, and now they account for 5% of the total spam traffic.
Moreover, the e-mails contain attractive headlines such as "Mikheil Saakashvili gay scam - news of the week" that lure victims into reading a phony BBC story on the Georgian President. The link provided in the e-mails takes the victim to a Web server loaded with malicious content, which tries to compromise the user's system.
Gary Warner, Director of Computer Forensics Research, UAB, said that following the headline or image, which are genuinely taken from the BBC Web site, would lead the reader to a hacked site loaded with viruses, as reported by InfoZine on August 17, 2008.
Warner further added that no antivirus software was able to detect the virus on the morning when it started spreading. Merely four of the total of 36 antivirus products detected the suspicious file in tests conducted at UAB.
Meanwhile, Warner's team has succeeded in tracking the origin of these e-mails to 44 computers, which were previously not involved in sending spam. Moreover, six of the 44 computers are situated in Russia, which rarely sends spam directly. Interestingly, one of the six systems is located at the Education Ministry of Russia.
It seems that spammers are trying to build a botnet, but the motive behind establishing this network is still unclear. However, Warner believed that it would be used to launch more attacks against computers of the Georgian government.
Kevin Haley, Director of Product Management with Symantec Security Response, said that the malicious software is a new variant of the Trojan.Blusod program, as reported by NetworkWorld. Earlier, spammers used this Trojan to load an antivirus program on computers by making users believe that their system was infected with a virus and that the program could clean up the problem for a fee, said Haley.
» SPAMfighter News - 9/2/2008