Malicious Spam Back with a Bang: M86 Researcher
Rodel Mendrez, a security researcher with M86 Security, revealed that malicious online activity seemed to be quite under control from October 2010 to March 2011, but from April 2011 onwards the figures have surged, reports infosecurity-magazine on May 3, 2011.
Statistics reveal that bot herders have geared up once again, although the proportion seen in the middle of last year, during the dominance of the Bredolab and Cutwail botnets, was higher still.
It seems to Mendrez as if the bot herders took a brief rest over Easter and are now back with a bang.
The Cutwail botnet sent the first spam campaign in the third week of April 2011, and analysis reveals that the message purports to come from the online jeweler Bobijou.
It is easy for unwary netizens to fall for this trap, as the message claims that recipients are to receive money on their credit card. On closer inspection, however, silly spelling mistakes are revealed.
Another instance, originating from the Donbot botnet, was revealed later that week (the last week of April 2011).
In this campaign the subject lines appear very uncreative, often reading "my hot pic", "my naked pic is attached" and the like. Spam output from the Donbot botnet is on the rise, and this is the first instance of it spreading malicious attachments. Mendrez reveals all these facts in his blog, reports labs.m86security on April 29, 2011.
Both of these spam campaigns enclose a zipped attachment containing an executable file, which loads a fake antivirus on the compromised system.
He also claims that during the last week of April, more Asprox botnet spam carrying the theme "Spam from your Facebook account" was seen, which raises questions about the security of net surfers' Facebook accounts. This campaign first appeared last year, which indicates that the bot herders behind Asprox often rotate their spam campaigns between FedEx, UPS, DHL and iTunes Gift Certificate themes, among others.
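As an added illustration (not from the article or from M86), the following mail-filter check flags the two traits the campaigns above share: a subject line matching the reported themes and a zip attachment that contains an executable. The sample message, the addresses and the harmless stub file inside the zip are constructed for the demonstration.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Subject themes reported for the Donbot and Asprox campaigns.
SUSPECT_SUBJECTS = ("my hot pic", "my naked pic", "spam from your facebook account")
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")


def zipped_executables(msg):
    """Return the names of executable entries found inside any zip attachment."""
    found = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)
        if not payload or not payload.startswith(b"PK"):
            continue  # not a zip container, regardless of declared type
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                found.extend(n for n in zf.namelist()
                             if n.lower().endswith(EXECUTABLE_SUFFIXES))
        except zipfile.BadZipFile:
            continue  # truncated or corrupt archive; leave it to other checks
    return found


def classify(raw_bytes):
    """Return a list of reasons the message looks like one of the reported campaigns."""
    msg = email.message_from_bytes(raw_bytes, policy=default)
    subject = str(msg["subject"] or "").lower()
    reasons = []
    if any(theme in subject for theme in SUSPECT_SUBJECTS):
        reasons.append("known spam subject theme")
    exes = zipped_executables(msg)
    if exes:
        reasons.append("zip attachment contains executable: " + ", ".join(exes))
    return reasons


def build_sample(subject="my hot pic", entry_name="my_pic.jpg.exe"):
    """Constructed test message: a zip holding a harmless 64-byte stub, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(entry_name, b"MZ" + b"\0" * 62)
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # placeholder address
    msg["To"] = "recipient@example.invalid"  # placeholder address
    msg["Subject"] = subject
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="pic.zip")
    return msg.as_bytes()
```

Running classify(build_sample()) returns both reasons; a message with an ordinary subject and a zip holding only a text file returns an empty list.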
In conclusion, Mendrez claims that similar threats have been prevalent in the past as well, and that these messages are back once again with a few changes here and there.
» SPAMfighter News - 09-05-2011