Spam back on the menu as botnet creating email triples in one week

Davey Winder
Wednesday, 25 June 2008 14:26

Business IT - Security

The volume of spam which exists not to sell you stuff, but simply to add your computer to a botnet collective has tripled in just one week. If that weren't worrying enough, it seems that the Srizbi botnet is now responsible for an incredible 46 percent of all spam being distributed.

Security analysts at the Marshal TRACE (Threat Research and Content Engineering) lab, which specialises in monitoring spam, phishing and Internet security trends have revealed a truly frightening statistic.

The volume of malicious spam in circulation has more than tripled in a single week, and the Srizbi botnet is to blame.

At the start of June this kind of malicious spam, which is not designed to sell a product but rather to drop malware into your machine, accounted for just 3 percent of the total spam traffic monitored by TRACE.

By the end of the second week of June it had jumped to 9.9 percent.

The kind of malicious spam you might expect to encounter will come complete with social engineering concepts designed to lure the unsuspecting victim into believing the harmful is harmless.

Think viewing a digital greeting card or maybe some free porn videos.

Whatever the bait, the line is always the same: a URL linking to a website hosting the disguised malware executable.

At the moment that executable is highly likely to have something to do with the Srizbi botnet.

According to Phil Hay, Lead Threat Analyst with Marshal's TRACE team, "the Srizbi botnet is behind much of this increase in malicious spam. Srizbi's criminal controllers are currently on a major expansion drive. The more computers infected by Srizbi bots the more money they can make."

TRACE tell me that the most common campaign Srizbi is employing right now is what they refer to as a 'stupid' theme. This attempts to hook the user by including the first part of their email address in the subject line, which is appended with a suggestion that they have done something stupid. Davey Winder you have been caught naked on video, for example.

Why anyone would think I would want to watch a video of myself naked is beyond me, I can go look in the mirror if I am truly curious as to what my body is doing today.

The sad truth is that fare too many gullible users are quick to investigate the potentially embarrassing footage, without giving any thought to the potentially malicious consequences.

Perhaps slightly more understandable is the social networking ruse also being used by Srizbi right now. This targets Classmate.com users by using its name in malicious spam with subject lines such as "You have one new message. Classmates" and "Friends waiting for you Tomorrow! Classmates".

CONTINUED