Davey Winder
Friday, 08 August 2008 15:59
Certainly it seems that the people behind Rustock are only too well
aware of the need to constantly change and refine their strategy. Gone
are the comedy headlines, and no more of the designed-to-shock stuff
either.
This week Rustock has got very serious indeed. It has started a
professional-looking CNN-format news campaign. All the messages come in
a CNN.com Daily Top 10 list format, and all the headlines mentioned are
real ones.
Yes, they do still tend to veer towards the unusual, as that is what
gets the most click interest. But with the world poised to start
feeding off the 2008 Olympics, in terms of online news, it is a smart if somewhat worrying strategic play.
As with all previous campaigns, the payload comes by way of a video
link. This time it is a faked CNN video, which naturally enough
requires a new codec download to play. Well, it doesn't, but it
pretends to in order to get the infection executable downloaded and
installed.
It seems that MS Internet Explorer users have even more to worry about
than Firefox or Safari ones, as the web pages holding the faked video
download also try to infect the user by way of known IE browser
exploits.
"This clearly demonstrates a change in botnet tactics," warns Hay. "In
the past botnet operators subscribed to the 'Go low and go slow'
methodology to escape detection; now they are getting a lot bolder and
seemingly less concerned about publicity by increasing their activity
significantly."