Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet

Jul 27, 2008 8:42 AM
Filed under Security

A new large-scale botnet has been spotted forwarding what appears to be real news headlines about Microsoft, George Bush and Al Qaeda in an attempt to infect users.

Security vendor Marshal is warning that a growing large-scale botnet – called Rustock - is forwarding spam containing exploitive headlines in an attempt to infect users and grow its network.

Numerous small businesses and private web sites - so far predominantly in US and China - have been targeted in the campaign, claimed Marshal.

The security vendor warned a variety of headlines are being used to lure victims into clicking on a malicious link.

They include: “Yahoo sold to Microsoft, record price;” “Bush Down to 8 Friends on Myspace;” “Al Qaeda Reports Declining Revenues in Fiscal ’08.”

“Some of the headlines are hard to take seriously and some of them are believably enticing,” said Phil Hay, lead threat analyst for Marshal’s TRACE Team.

Hay said the Rustock spammers appear to be experimenting to see which types of headlines solicit the most hits from recipients.

However, if a recipient clicks on one of these links a webpage opens with a fake web video and a popup window that prompts the user to install a file called ‘codecinst.exe’.

“They are trying to disguise the installation of the executable under a believable pretext,” said Hay.

Marshal’s records revealed that Rustock is estimated to comprise over 150,000 infected PCs and distributes close to 30 billion spam messages daily which in terms of volume makes it one of the biggest malicious spam campaigns ever seen.

“Rustock is not a name many people are familiar with but it is well known within the security industry. Today it is one of the most established spambots. Rustock has been operating in various forms for more than two years,” said Hay.
Follow us on Facebook and Twitter
Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet
Related Listings
Top Stories
Reseller pays $2.65m for telco specialist
Acquisition scene heats up as JCurve makes another buyout.
Kytec files for administration, new company set up
Driven by management buyout, says MD.
Dataflex reborn under new owners
Buyer aiming for $30m after second acquisition in six months.
Sign up to receive CRN email bulletins
Latest Comments
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 325 | March 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.