Cybercriminals Designing Superbotnet: Commtouch Researcher

By sending out billions of malicious e-mails for a mysterious reason, a cybercriminal association is creating a superbotnet, according to Commtouch researcher Avi Turiel.

Infosecurity magazine reported on September 28, 2011 that Turiel has said that apparently, a gang is at the back of the latest rise in spam e-mails as the malware in all these posts is similar. Commtouch used its malware detection software and found similar damages because of the same malware.

It appears that such bulk e-mails are being sent from a single location and with some aim, Turiel added. The number of these malware-laden posts started rising in early August 2011 and touched the record of 25 billion e-mails in a day.

The e-mail campaign has got its success as many users opened the spiteful attachments, a review by various end-user forums has revealed. The malware in the opened e-mail creates links with external servers, and downloads and opens other malicious files on the infected system, he pointed out.

He further acknowledged that the servers at present are registered with .ru, the Russian domain and two others in the .org domains, for which it is quite difficult to predict the actual place of origin of such spiteful malwares.

These e-mails are based on various themes used to trap users to open the attachments. One such topic is the UPS/FedEx. Though it is not a new tactic, it still works. The users get notification about some package that is due to arrive or has been held up. Additional details about such package are promised to be given in the attachment, Turiel said in a blog published by commtouch.com in the fourth week of September 2011.

Another popular theme is Map of love, providing interesting information about global sites of interest. Though attached map displays a PDF symbol, it is actually an executable file, he said, adding that besides these, hotel charge error is also a well-known subject. In this, the recipients are informed about an incorrect hotel invoice. The attachment shows "exe.doc" files and the user presumes that the documents contain details pertaining to the wrong bill, and they open it.

These e-mails and their origin are still an interesting mystery under wraps, he concluded.

Related article: Cheburgen.a: A New Email Worm

» SPAMfighter News - 10/5/2011