‘Piggyback Spam’ Campaign Focusing on Building Botnets
A spam campaign is distributing e-mails across the world, containing links to damaging files with the intention to build botnets, cautions Marshal, a security vendor.
Bradley Anstis, director of product management at Marshal, said that the spam was uncovered in the third week of June 2007. It targets the U.S. market but is now spreading all over the globe and the spam mails are increasing in number. According to Anstis, spammers are fighting to find how they can beat the spam filters and place their messages into users' inboxes, as reported by Secure Computing on June 29, 2007.
The campaign is called "Piggyback Spam" in which the e-mails have embedded links that have no relation with the product they advertise. Moreover, the links lead to a file rather than a site, said Anstis, reported CRN on July 2, 2007.
The links are not integral to the core message but are arranged in odd places in the e-mail and load a "piggybank" on a normal spam message, Anstis added.
On clicking a link, users are directed to download a file, which, on running, would install more malware like keylogging programs or spambots onto their computers. Anstis therefore advises them to avoid saving or downloading the file.
Researchers at security TRACE team of Marshal suspect the piggyback spam an attempt to increase the number of bots to enlarge the spam botnet that would help spread the malware even wider. Anstis said, the spammers are trying to kill two birds with one stone expecting users to click on the links and trigger a series of events so that more users join the chain and their PCs become part of spammers' botnet.
Marshal said that botnets perform a number of tasks like delivering spam, launching distributed denial of service (DDOS) attacks, spotting and disabling anti-virus programs, and finding and eliminating competing botnets belonging to rival botnet syndicates.
Hackers build botnets by searching the Internet for weak computers, which they infect, compromise and commandeer to join the bot network. Anstis advises people to check their PCs regularly for presence of any botnet infection. They should also use anti-virus tools and security firewalls.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 11-07-2007