Spammers have decided to kill two birds with one spam: The stock-touting e-mail messages regularly sent out by spam-focused bot nets have started to include links to malicious code, according to a report published Wednesday by e-mail security firm MessageLabs.
The criminal groups responsible for the spam appear to believe that recipients of the e-mail may click on a Web link, even if they don't buy the stock touted by the e-mail message. In the past 10 days, MessageLabs has only detected about 3,500 of the messages, so the spammers may be testing to waters to see how often the scam works, said Mark Sunner, chief technology officer for the company.
"These activities are now much more under the radar because they are sending the messages out in discrete chunks," Sunner said. "If you spam out (the malicious link), you have a lot of control over the resultant bot net -- you can control the size, (and) what time zone it is being sending to."
The Storm Worm, which is actually a Trojan horse that does not spread on its own, embodies the latest tactics by spammers and bot masters to grow their networks. Rather than using worms and viruses to create bot nets that likely grow out of control, the Storm Worm -- also known as Zhelatin and Peacomm -- is sent out in spam to increase the size of a bot net at a controllable pace. The tactics also cause problems for traditional antivirus detection, since new signatures capable of detecting the latest variants of the Storm Worm may only be developed after the program has infected its victims and moved on to the next variant.
MessageLabs found that spam from previously unknown senders had increased 0.9 percent to 76.1 percent of all e-mail received by the company's clients in April. If the company includes e-mail from senders known to send out spam, the fraction of worldwide e-mail that appears to be spam would rise to 83.6 percent.
Posted by: Robert Lemos