Botnet Employing Advanced Tactics for Bypassing Spam-Filters Uncovered
Investigators from Trend Micro recently uncovered a new spam-sending botnet that uses special techniques to remain undetected as it carries out its malicious activity.
Named StealRat, the botnet reportedly employs a combination of hijacked Internet sites and computers during its operation.
Threat Response Engineer Jessa De La Torre of Trend Micro said that in setting up the botnet, its controllers concealed the main computer sending the spam behind 3 items unaware of their association with it: 2 hijacked websites and one contaminated system. Securityweek.com published this, July 22, 2013.
The contaminated system is believed to have been used to establish the connection between the spam machine and the website that dispatches the spam.
Essentially, after collecting the spam data, comprising the e-mail template, recipient's address, sender's name and backup mail stored on the server, the victimized items upload it to the hijacked website, which crafts the spam mail and dispatches it to end-users' PCs.
While crafting the message, the website includes a web link to the other hijacked website, which eventually delivers the payload: either a fake pharmacy or an adult site.
Elsewhere De La Torre elaborated that since there wasn't any communication between the spam and the server, the junk e-mails appeared to originate from the contaminated computers. Moreover, since the spam mail, unlike usual, didn't spread the malware, the two also didn't appear to be linked. Essentially, the basic functions of the two had been separated and their interactions minimized, which eliminated any linkage between them, the expert added. V3.co.uk published this, July 22, 2013.
Trend Micro notes that the spamming technique has proved effective. The company estimates it involved 85,000 distinct Internet Protocol addresses as well as domains for sending junk e-mails to 7m selected users' IDs, with every IP apparently containing approximately 2 spamming scripts.
Significantly, the discovery of StealRat coincides with a period in which cyber-crime techniques are evolving widely. Context, one of numerous security firms cautioning about state-backed hackers who are devising fresh defense-evading tricks, reported that it found an enormous rise in watering hole attacks aimed at enterprises with government contracts.
» SPAMfighter News - 27-07-2013