Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet

Jul 27, 2008 8:42 AM
Filed under Security

A new large-scale botnet has been spotted forwarding what appears to be real news headlines about Microsoft, George Bush and Al Qaeda in an attempt to infect users.

Security vendor Marshal is warning that a growing large-scale botnet – called Rustock - is forwarding spam containing exploitive headlines in an attempt to infect users and grow its network.

Numerous small businesses and private web sites - so far predominantly in US and China - have been targeted in the campaign, claimed Marshal.

The security vendor warned a variety of headlines are being used to lure victims into clicking on a malicious link.

They include: “Yahoo sold to Microsoft, record price;” “Bush Down to 8 Friends on Myspace;” “Al Qaeda Reports Declining Revenues in Fiscal ’08.”

“Some of the headlines are hard to take seriously and some of them are believably enticing,” said Phil Hay, lead threat analyst for Marshal’s TRACE Team.

Hay said the Rustock spammers appear to be experimenting to see which types of headlines solicit the most hits from recipients.

However, if a recipient clicks on one of these links a webpage opens with a fake web video and a popup window that prompts the user to install a file called ‘codecinst.exe’.

“They are trying to disguise the installation of the executable under a believable pretext,” said Hay.

Marshal’s records revealed that Rustock is estimated to comprise over 150,000 infected PCs and distributes close to 30 billion spam messages daily which in terms of volume makes it one of the biggest malicious spam campaigns ever seen.

“Rustock is not a name many people are familiar with but it is well known within the security industry. Today it is one of the most established spambots. Rustock has been operating in various forms for more than two years,” said Hay.
 
Follow us on Facebook and Twitter
 
Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet
Related Listings
 
 
 
 
 
Top Stories
JB Hi-Fi CEO to retire, new head announced
End of an era for leadership at retail giant.
 
Aussie tech e-tailer adds 200,000 clients in buyout
TopBuy to become part of Deals Direct.
 
Aussie wireless firm sold for $1.2m
Publicly listed BigAir continues buying spree.
 
Sign up to receive CRN email bulletins
   FOLLOW US...
Latest Comments
Polls
Are Chromebooks ready for the enterprise?

CRN Magazine

Issue: 325 | March 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.