New Mega-D botnet supersedes Storm
A newly emerging botnet that spams promotional campaigns for male sexual enhancement drugs has overtaken the notorious Storm botnet to become the world's single largest source of spam, security vendor Marshal has warned. SCMagazine published this on February 1, 2008.
Bradley Anstis, Vice President of Products at Marshal, said that the threat is a blended attack in which e-mail recipients are tricked into loading Mega-D. The e-mails also use breaking news headlines as bait to lure victims into viewing the spam mail, a technique similar to that of Storm-laced spam. The recent news of the sudden death of Heath Ledger, the renowned Australian actor, has also been exploited, Anstis told SCMagazine.
According to Marshal's security researchers, the spread of Mega-D infection probably began in September 2007 and has been steadily increasing. It is also possible that the people responsible for the Storm botnet created some of the newer botnets as well.
The latest spam campaign extensively promotes pharmaceutical products such as Express Herbals, Herbal King, and VPXL. Known as Mega-D, the botnet accounts for 32% of total spam, 11% above the Storm botnet's peak level of 21%, recorded in September 2007.
Botnet herders seem to be applying lessons from criticisms of Storm. While the Storm botnet attracted a lot of media attention, the Mega-D operators are better placed to add more bots to their network because of their low publicity.
Mega-D is expanding fast through regions such as North America and Asia, mirroring the spread of the Storm botnet in areas with high broadband penetration and low anti-virus protection.
Also, like the Storm botnet, the controllers of Mega-D employ trojans that change regularly to avoid detection by signature-based solutions, and that work over Peer-to-Peer (P2P) sharing so that the botnet never shuts down.
The Mega-D Trojan also shuts itself off when it finds itself in a virtualized environment, of the kind generally employed by anti-virus vendors to analyze spam.
In related news, BitDefender, another security vendor, reported detecting intensive promotion of the same VPXL drug in its top-ten threat list for January 2008, released on February 1, 2008.
» SPAMfighter News - 11-02-2008