Spam Links

Skip over navigation

Spam Links > Prevent > Secure > Open Proxies > Spam Trojans

spamlinks.net/prevent-secure-proxy-trojan.htm

Spam Trojans

Trojans, zombies, bots... whatever you call them, spammers are using them, and in large quantities. There are simply too many variations to list them all, but the most important initial uses of trojans to support spamming, such as the Sobig worm, are covered here.

Spam trojans present a serious difficulty to most anti-spam efforts. They provide a fresh supply of IP addresses to avoid blacklists, and can be used for many applications that a spammer needs: DNS; web hosting; proxying mail; sending via ISP mail servers. The list is long and challenging, and there are no easy answers.

Overview of Spam Trojans
Specific Spam Trojans Analysed

Overview of Spam Trojans

Operation Spam Zombies - www.ftc.gov/bcp/conline/edcams/spam/zombie/
The Rise of the Spammers - www.infosecwriters.com/text_resources/pdf/spammers.pdf
Spammer Using Over 1000 Home Computers as DNS - www.circleid.com/posts/moving_target_spammer_using_over_1000_home_computers_as_dns
Hackers May Profit From Spam - www.adimpleo.com/top/spam_hacker.html
Trojans as Spam Robots/Trojaner als Spam-Roboter - www.heise.de/english/newsticker/news/44879 - also in German
Who's Spamming Who? Could it be You? - www.ftc.gov/opa/2004/01/zombiespam.shtm
Bots & Cyberime - securityresponse.symantec.com/avcenter/cybercrime/bots_page2.html
Increasing Spam Threat from Proxy Hijackers - www.spamhaus.org/news.lasso?article=156

Specific Spam Trojans Analysed

Sobig.a and the Spam You Received Today - www.secureworks.com/research/threats/sobig/
Sobig.e – Evolution of the Worm - www.secureworks.com/research/threats/sobig-e/
Sobig.f Examined - www.secureworks.com/research/threats/sobig-f/
Who wrote Sobig? - spamkings.oreilly.com/WhoWroteSobig.pdf
Year of the Beagle - www.infectionvectors.com/vectors/year_of_the_beagle.htm
Reverse-Proxy Spam Trojan – Migmaf - www.secureworks.com/research/threats/migmaf/
Discussion of “jeem.mail.pv” - groups.google.com/groups?q=jeem.mail.pv&scoring=d&filter=0
Discussion of “bestportal.biz” spammers - groups.google.com/groups?q=bestportal.biz+trojan&scoring=d
Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack - www.eweek.com/c/a/Security/Botnet-Eavesdropping-Inside-the-Mocbot-MS06040-Attack/
Symantec list of spam trojans - search.symantec.com/custom/update/query.html?filter=vir&qt=spam
SpamThru Trojan Analysis - www.secureworks.com/research/threats/view.html?threat=spamthru - see: www.secureworks.com/research/threats/view.html?threat=spamthru
The Medbot menace - www.ameinfo.com/105378.html

everything you didn't want to have to know about spam

Hosted by spam.abuse.net, with help from Neil Schwartzman. Domain registration by Gregg DesElms. Logo by Art101.

This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.

Page last updated: 09-Jul-2007