Spam Malware

Trojans, zombies, bots... whatever you call them, spammers are using them, and in large quantities. Spammers seize control of hundreds, thousands or millions of innocent computers, and use them to deliver their email. The most important initial uses of malware (malicious software) and bots to support spamming, such as the Sobig worm, are covered here.

Spam malware presents a serious difficulty to most anti-spam efforts. Using it on hacked PCs provides a fresh supply of IP addresses to avoid blacklists, and the PCs can be used for many applications that a spammer needs: DNS; web hosting; proxying mail; sending via ISP mail servers. The list is long and challenging, and there are no easy answers.

Overview of Spam Trojans
Specific Spam Trojans Analysed

Overview of Spam Malware

Operation Spam Zombies - www.ftc.gov/bcp/conline/edcams/spam/zombie/
The Rise of the Spammers - www.infosecwriters.com/text_resources/pdf/spammers.pdf
Spammer Using Over 1000 Home Computers as DNS - www.circleid.com/posts/moving_target_spammer_using_over_1000_home_computers_as_dns
Hackers May Profit From Spam - www.adimpleo.com/top/spam_hacker.html
Trojans as Spam Robots/Trojaner als Spam-Roboter - www.heise.de/english/newsticker/news/44879 - also in German
Who's Spamming Who? Could it be You? - www.ftc.gov/opa/2004/01/zombiespam.shtm
Bots & Cyberime - securityresponse.symantec.com/avcenter/cybercrime/bots_page2.html
Increasing Spam Threat from Proxy Hijackers - www.spamhaus.org/news.lasso?article=156
Google: botnet takedowns fail to stem spam tide - www.theregister.co.uk/2010/04/18/google_botnet_takedowns/
Another one (partially) bites the dust - blogs.msdn.com/b/tzink/archive/2010/03/12/another-one-partially-bites-the-dust.aspx

Specific Spam Malware Analysed

Sobig.a and the Spam You Received Today - www.secureworks.com/research/threats/sobig/
Sobig.e – Evolution of the Worm - www.secureworks.com/research/threats/sobig-e/
Sobig.f Examined - www.secureworks.com/research/threats/sobig-f/
Who wrote Sobig? - spamkings.oreilly.com/WhoWroteSobig.pdf
Year of the Beagle - www.infectionvectors.com/vectors/year_of_the_beagle.htm
Reverse-Proxy Spam Trojan – Migmaf - www.secureworks.com/research/threats/migmaf/
Botnet Eavesdropping: Inside the Mocbot (MS06-040) Attack - www.eweek.com/c/a/Security/Botnet-Eavesdropping-Inside-the-Mocbot-MS06040-Attack/
Symantec list of spam trojans - search.symantec.com/custom/update/query.html?filter=vir&qt=spam
SpamThru Trojan Analysis - www.secureworks.com/research/threats/view.html?threat=spamthru
The Medbot menace - www.ameinfo.com/105378.html
Atrivo Shutdown Hastened Demise of Storm Worm - voices.washingtonpost.com/securityfix/2008/10/atrivo_shutdown_hastened_demis.html
Warezov botnet rises from the grave - www.theregister.co.uk/2008/10/16/warezovs_second_coming/
CBL-observed Effects of the McColo Outage - cbl.abuseat.org/mccolo.html
Srizbi spam botnet in failed resurrection - www.theregister.co.uk/2008/11/26/srizbi_returns_from_dead/

everything you didn't want to have to know about spam

Hosted by spam.abuse.net, with help from Neil Schwartzman. Domain registration by Gregg DesElms. Logo by Art101.

This work is licensed under a Creative Commons License. SPAM is a trademark of Hormel Foods.
Page last updated: 21-Mar-2010