Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet

Jul 27, 2008 8:42 AM
Filed under Security

A new large-scale botnet has been spotted forwarding what appears to be real news headlines about Microsoft, George Bush and Al Qaeda in an attempt to infect users.

Security vendor Marshal is warning that a growing large-scale botnet – called Rustock - is forwarding spam containing exploitive headlines in an attempt to infect users and grow its network.

Numerous small businesses and private web sites - so far predominantly in US and China - have been targeted in the campaign, claimed Marshal.

The security vendor warned a variety of headlines are being used to lure victims into clicking on a malicious link.

They include: “Yahoo sold to Microsoft, record price;” “Bush Down to 8 Friends on Myspace;” “Al Qaeda Reports Declining Revenues in Fiscal ’08.”

“Some of the headlines are hard to take seriously and some of them are believably enticing,” said Phil Hay, lead threat analyst for Marshal’s TRACE Team.

Hay said the Rustock spammers appear to be experimenting to see which types of headlines solicit the most hits from recipients.

However, if a recipient clicks on one of these links a webpage opens with a fake web video and a popup window that prompts the user to install a file called ‘codecinst.exe’.

“They are trying to disguise the installation of the executable under a believable pretext,” said Hay.

Marshal’s records revealed that Rustock is estimated to comprise over 150,000 infected PCs and distributes close to 30 billion spam messages daily which in terms of volume makes it one of the biggest malicious spam campaigns ever seen.

“Rustock is not a name many people are familiar with but it is well known within the security industry. Today it is one of the most established spambots. Rustock has been operating in various forms for more than two years,” said Hay.
Follow us on Facebook and Twitter
Fake 'Yahoo sold to Microsoft' spam boosts Rustock botnet
Top Stories
10 things we learned this week
Seasons greetings and "Yo Gabba Gabba!" from CRN.
Microsoft partner Ensyst acquired by Optus
Australian partner of the year joins Optus Business.
How I learned to stop worrying and love Hyper-V
How secondhand data centre pizza boxes and tablets can get an SMB mobile and productive.
Sign up to receive CRN email bulletins
Who had more wins in 2014?

Latest Comments
CRN Magazine

Issue: 334 | December 2014

CRN Magazine looks in-depth at the emerging issues and developments for the channel, and provides insight, analysis and strategic information to help resellers better run their businesses.