New Celebrity Botnet Hooks on Paris & Britney
E-mails carrying false links to Google search results for Paris Hilton and Britney Spears are being spammed from a new botnet that directs users to malware hosted by the Russian Business Network, according to findings by security vendor BitDefender.
The security firm described the botnet as a network that leads spam recipients to a website offering celebrity videos that host malware. As soon as the downloader (known as Trojan.Downloader.Exchange.A) is downloaded and run, it downloads and runs more malware.
BitDefender further says that the Google search links embedded in these spam mails make use of Google's open redirect to disguise the actual destination. A user who examines the link sees a Google address and trusts it, but the link then leads to a site specified in a parameter of the URL.
BitDefender also comments that Google seems to use these kinds of URLs to divert users from their actual destinations when they click on ads that Google's AdSense software serves. However, with insufficient validation of parameters, malware writers could manipulate the URL and use it to divert users to illegitimate sites.
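A mail filter can catch the redirect abuse described above by comparing the host a reader sees with any destination carried in the link's parameters. The following is an added example, not code from BitDefender or the original article; the parameter names `dest` and `u` and all hosts are constructed placeholders, and the check ignores parameter names because the article does not say which parameter was abused.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DEPTH = 3  # redirect layers / extra encoding rounds to unwrap


def embedded_targets(url, depth=0):
    """Return (parameter, target_url) pairs for absolute URLs in the query string."""
    found = []
    if depth >= MAX_DEPTH:
        return found
    # parse_qsl already removes one round of percent-encoding.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value.strip()
        # Undo additional encoding rounds that hide the scheme from simple filters.
        for _ in range(MAX_DEPTH):
            if candidate.lower().startswith(("http://", "https://", "//")):
                break
            decoded = unquote(candidate)
            if decoded == candidate:
                break
            candidate = decoded
        if candidate.startswith("//"):  # scheme-relative target
            candidate = "http:" + candidate
        if candidate.lower().startswith(("http://", "https://")):
            found.append((name, candidate))
            # A target may itself be another redirector, so unwrap it too.
            found.extend(embedded_targets(candidate, depth + 1))
    return found


def redirect_mismatch(url):
    """Return (visible_host, other_hosts) where other_hosts are destinations
    carried in parameters that differ from the host shown to the reader."""
    visible = (urlsplit(url).hostname or "").lower()
    hosts = []
    for _, target in embedded_targets(url):
        host = (urlsplit(target).hostname or "").lower()
        if host and host != visible and host not in hosts:
            hosts.append(host)
    return visible, hosts


# Constructed sample link: trusted-looking host, foreign destination in a parameter.
SAMPLE = "https://search.example.com/url?sa=x&dest=http%3A%2F%2Fvideos.example.net%2Fclip"
if __name__ == "__main__":
    print(redirect_mismatch(SAMPLE))
```

A non-empty second element means the link can forward the reader to a host other than the one displayed, which is a useful scoring signal for inbound mail.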
According to Sorin Dudea, Head of Anti-Virus Research at BitDefender, the security vendor has found that malware authors and spammers overlap heavily in a vicious cycle in which spam spreads malware and that malware in turn spreads more spam. SC Magazine published this on February 6, 2008.
Meanwhile, celebrity spam during 2007 used the names of many celebrities, such as Paris Hilton and Britney Spears, to trick recipients into clicking malicious links.
A similar view comes from security company Marshal, according to which the celebrity spam botnet was most active during the first week of February 2008. Marshal's statistics also show that another celebrity botnet, the Pushdo botnet, has been sending 6% of total spam mail. Spammers tended to use names of celebrities in the Pushdo spam.
Marshal's Vice President of Products, Bradley Anstis, comments that people running the Storm botnet are likely responsible for building and running these other spam botnets. The comment was published on February 4, 2008.
» SPAMfighter News - 15-02-2008