Donbot Abandons Rogueware Spam In Favor of Online Casinos
According to specialists at security company M86 Security, the notorious Donbot botnet, also known as Buzus and Bachsoy and in existence since 2009, appears to have abandoned its spam campaigns promoting rogue anti-virus software and is instead spamming online casinos.
Notably, Donbot sends spam in enormous volumes. At its peak during the summer of 2009, the botnet sent some 800m junk e-mails daily from some 125,000 infected computers. That is equivalent to some 1.3 percent of worldwide junk e-mail, although according to certain reports the share increased to 4.0 percent.
According to M86 Security researcher David Broome, Donbot recently stopped distributing spam for 15 minutes, after which it returned promoting a gambling website. Infosecurity-magazine.com published this on May 31, 2011.
Broome says the idea of the gambling pitch is to motivate the reader to stake money on roulette and win. In line with this strategy, the message gives a web link to a casino through which the user can apparently make some quick money.
Broome notes that if an end user clicks the web link, he lands on a splash site where clicking any button triggers the download of an executable file named Casino-Online.exe. M86security.com published this on May 26, 2011.
Reportedly, WHOIS details for the casino URL show that it was registered on May 24, 2011 with namecheap.com. That suggests that the casino operation is indeed illegal. Also, the domains that lead to the casino program change on a regular basis and are newly spammed.
Moreover, once downloaded from the Internet and scanned with VirusTotal.com, Casino-Online.exe is detected by four of its 42 AV engines, which report it as Artemis!B7E6F50C181D, RealTimeGaming, W32/Malware.SWHU, and CasOnline.
Broome reports that on running Casino-Online.exe and then opening an account, no abnormal outbound traffic is visible. Even though it may not be typical malware, its operation is certainly extremely dubious. Hence, users are advised not to follow any web link inside spam mails and never to download and run random .exe files, the researcher concludes.
» SPAMfighter News - 09-06-2011