Why spammers lurve the 'Microsoft support' worm

Discussion in 'malware problems & news' started by ladyjeweler, May 21, 2003.

Thread Status:
Not open for further replies.
  1. ladyjeweler

    ladyjeweler Registered Member

    Feb 22, 2003
    North Carolina

    Why spammers lurve the 'Microsoft support' worm
    By John Leyden
    Posted: 21/05/2003 at 15:03 GMT

    The latest Windows mass mailer worm could be used by spammers to launch bulk mail blizzards from computers they don't own, a security researcher warns.

    AV vendors are now reporting the Palyh worm (which poses as a message from support@microsoft.com) as a variant of Sobig-A.

    Most vendors are renaming the virus as Sobig-B.

    Sobig-A has been implicated in assisting spammers by installing proxy servers on machines it infected.

    Joe Stewart, Senior Intrusion Analyst, at security consultancy LURHQ, who wrote a paper on Sobig-A's appropriation by spammers, reckons history is repeating itself.

    "It looks like he/she is trying to do the same thing again, because Sobig-B seems to have the same functionality - acting as a primary stage, a foothold to first spread itself then download the real Trojan code later when the author is ready," Stewart told The Register.

    Fortunately, Geocities is shutting the sites down before the person(s) responsible can do much damage, Stewart notes. But he voiced concern that variants of the virus (which don't rely on Geocities) may follow.

    In recent times there have been several examples of spammers using cracking exploits to gain control of victim PCs and send virtually untraceable spam. Insecure WLANs are prone to much the same risks.

    Perhaps the most insidious aspect of this is that innocent organisations (e.g. a Vermont prep school - see New York Times story) take the blame for sending spam.

    Stewart's paper illustrates the basis for such attacks, and provides another sound reason why people should exercise diligence in guarding against viral risks.

    Of course there will always be those who don't bother, but the fewer such people or organisations there are the less of a problem this will pose for the rest of us. ®

  2. UNICRON

    UNICRON Technical Expert

    Feb 14, 2002
    Nanaimo BC Canada
    Hi ladyjeweler, thanks for including the author of the work, that is very important here for copyright reasons.

    When posting articles of this sort we would prefer a shorter description of the article and the link to the full article instead of the bulk of the message being cut and pasted.

    Thanks again
  3. meneer

    meneer Registered Member

    Nov 27, 2002
    The Netherlands

    The moderators of the Focus-MS mailing list (Security Focus) asked all subscribers to please scan their systems because the list was flooded with Sobig :D
  4. JimIT

    JimIT Registered Member

    Jan 22, 2003
    Denton, Texas
    Saw that this morning. How embarrassing... :rolleyes: