Are Botnets Beating Us in the War on Spam? - How SpamThru Changed the Game
(Page 2 of 5)
The Trojan horse receiving the lion’s share of the blame for the recent burst of spam is called SpamThru by some anti-spam software vendors and in the media. The operators behind SpamThru take pains to keep it from being detected, notes a report by SecureWorks: “the author takes great care to make sure that detection by the major vendors is avoided by frequently updating the code.”
SpamThru was created to allow hackers to send spam from an infected computer, but it has some very interesting twists not common in this kind of software. It shares information with other peers using a custom P2P protocol. Control is normally maintained through a central server, but if that server is shut down, the person controlling the botnet can reassert control over it as long as he or she still controls at least one machine that is part of the zombie network.
Another interesting twist that SpamThru brings to the table is its special anti-virus features. First, it tries to prevent installed anti-virus software from downloading updates. Second, it actually uses a pirated copy of Kaspersky AntiVirus for WinGate to detect any other malware that might be on the system it has infected. It then sets up the other malware it detects to be deleted by Windows the next time the system is rebooted.
As if these features weren’t bad enough, SpamThru contains its own spam engine. According to SecureWorks, each client downloads “a template containing the spam, random phrases to use as hash-busters, random ‘from’ names, and a list of several hundred email addresses to send to.” SpamThru even tries to avoid detection by including AES encryption on the spam templates and an AES-based challenge-response authentication method “to prevent third parties from being able to download the templates from the template server.” The spam template includes GIF files for sending image spam; these files are modified with each spam sent. The files allow the client to change the width and height of the image, and append random pixels at the bottom to defeat anti-spam technology that tries to reject email based on a static image.
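To show, from the filter's side, why the per-message GIF tweaks described above defeat exact-match image blocking, here is an added example that is not from the article or from SecureWorks: a constructed grayscale "template" image, a mutation that grows the canvas and appends random pixel rows, and a fixed-region average hash that still clusters the variants together. The image arrays, `make_variant`, `region_ahash` and the distance threshold are all assumptions made for the illustration.

```python
import hashlib
import random

# Constructed 16x16 grayscale template: a bright box on a dark background.
TEMPLATE = [[200 if 4 <= r < 12 and 4 <= c < 12 else 30 for c in range(16)]
            for r in range(16)]

def make_variant(img, seed=1, extra_cols=2, extra_rows=3):
    """Mimic the per-message mutation: widen the canvas with random pixels and
    append random rows at the bottom (the template's own pixels are untouched)."""
    rng = random.Random(seed)
    out = [row + [rng.randrange(256) for _ in range(extra_cols)] for row in img]
    out += [[rng.randrange(256) for _ in range(len(out[0]))] for _ in range(extra_rows)]
    return out

def exact_hash(img):
    """Byte-for-byte digest: any appended pixel changes it, so it cannot cluster variants."""
    return hashlib.sha256(bytes(v for row in img for v in row)).hexdigest()

def region_ahash(img, rows=16, cols=16, grid=4):
    """Average hash over the top-left rows x cols window only, as a grid*grid bitmask.
    Pixels outside the window (appended columns/rows) are ignored; a window that runs
    past a smaller image is zero-padded. A bit is 1 when its cell's mean brightness
    exceeds the window's overall mean."""
    win = [[img[r][c] if r < len(img) and c < len(img[r]) else 0
            for c in range(cols)] for r in range(rows)]
    cr, cc = rows // grid, cols // grid
    means = []
    for gr in range(grid):
        for gc in range(grid):
            cell = [win[r][c] for r in range(gr * cr, (gr + 1) * cr)
                    for c in range(gc * cc, (gc + 1) * cc)]
            means.append(sum(cell) / len(cell))
    avg = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > avg)

def hamming(a, b):
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

def same_template(img_a, img_b, max_distance=2):
    """True when the region hashes differ in at most max_distance bits (assumed threshold)."""
    return hamming(region_ahash(img_a), region_ahash(img_b)) <= max_distance

if __name__ == "__main__":
    variant = make_variant(TEMPLATE, seed=1)
    print("exact hash unchanged:", exact_hash(TEMPLATE) == exact_hash(variant))  # False
    print("same template:", same_template(TEMPLATE, variant))                    # True
```

A real filter would compute the window over decoded GIF frames and tune the window size and threshold against its own corpus; the point here is only that a fingerprint tied to the stable region survives the appended noise that breaks an exact hash.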
With this kind of complexity, is it any wonder that botnets are proving to be much more resilient these days? As you’ll see, the sturdiness of botnets is just one element of the problem.
More By Terri Wells