Spammers Exploiting NDRs to Insert Malware in Computers

As per the security company 'PandaLabs', cyber criminals are employing a new vector of ramping up their spam attacks by crafting e-mails that seem automated responses to non deliverable e-mails.

PandLabs security experts have claimed that they recorded an increase of 2000% in the total number of different Non Delivery Report (NDR) and single copy messages for August 2009 against the statistics recorded for the period January-June 2009.

Security experts defined NDR as e-mail generated by the mail systems and automatically sent to the sender to inform him about the failure of delivering the message. This automated NDR feature of mail servers is legitimate but spammers have started exploiting it to distribute malicious spam in guise of actual sender.

They further added that nearly one in five spam e-mails studied by them globally had been using this attack technique, emphasizing on its mass popularity and the most pervasive vector in the present time.

Moreover, these spam mails have a text message that informs the recipient about difficulty in sending the e-mail to the desired address. It has been seen that people, who actually haven't sent the mail, open it in curiosity of knowing what is inside.

Luis Corrons, Technical Director, PandaLabs, said that the online security community had not reached a consensus whether the NDR technique meant to bypass anti-spam scanners or a collateral effect of dictionary assaults. No matter whatever be the objective behind this modus operandi, one thing was obvious - there mass popularity, as reported by v3.co on September 14, 2009.

Corrons added that many conventional anti-spam vectors had not blocked NDRs till now because they were legitimate e-mails and represented an important functionality of mail servers.

He explained that these e-mails were solicited, but botnets were using them to exploit the mail server functionality by feeding in the name of sender to trigger the response.

Furthermore, spammers usually embed their malicious code in NDRs with a malicious plan of installing malware of recipient's computer in order to annex the administrative rights remotely.

This problem is mainly confronted by big clients such as Outlook users since the scanning of mail takes place at the service provider end or in the company's mail system.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 10/2/2009