Spammers Raise Their Game

Thursday, August 18, 2011



According to new research conducted by M86 Security Labs, the number of malicious spam emails has increased significantly in August.

Last week spams increased by 13%, while this week it has increased another 24%.

The majority of these spams are coming from the Cutwail, Festi and Asprox botnets. Previously Microsoft had shut down the biggest spammer botnet, Rustock, and most ISP’s found that spam levels had been reduced significantly.


After analyzing spam, researchers identified four different campaigns for the Cutwail botnet messages that contain Fake AV, SpyEye and the Cutwail spambot itself.

The Festi botnet is sending a malicious “UPS” campaign that distributes the Chepvil Trojan, a downloader that is also installing Fake AV, while Asprox is sending malicious hotel transaction spam. The attached malware in this spam campaign installs a password sniffer and Fake AV.

If we eliminate Rustock, Cutwail botnet is the top spam producer with 100,000 bots, followed by Lethic with 75,000 bots; Grum with 65,000 bots; Festi with 60,000 bots, and Maazben with 30,000 bots.

The remaining spam botnets consisting of 5,000 to 30,000 bots each includes Asprox, Fuflo, Waledac, Fivetoon / DMSSpammer, Xarvester, Bobax, Gheg and Bagle.

SpyEye is a particularly nasty piece of malicious software whcih can harvest credentials for online accounts and also initiate transactions when person is logged into their account, literally making it possible to watch their bank balance drop in real time.

What makes SpyEye so dangerous is that it does not require very many infected computers to be effective, and with hundreds of PC’s a criminal can pilfer millions of dollars.

If you check SpyEye Tracker you will find about 439 command-and-control servers with 186 currently online, and they are distributed all over the world.


Possibly Related Articles:
SPAM malware Botnets Cyber Crime Headlines report Rustock SpyEye Cutwail
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.