Why spammers lurve the 'Microsoft support' worm

Discussion in 'malware problems & news' started by ladyjeweler, May 21, 2003.

Thread Status:
Not open for further replies.
  1. ladyjeweler

    ladyjeweler Registered Member

    Joined:
    Feb 22, 2003
    Posts:
    23
    Location:
    North Carolina
    http://www.theregister.co.uk/content/56/30808.html

    Why spammers lurve the 'Microsoft support' worm
    By John Leyden
    Posted: 21/05/2003 at 15:03 GMT


    The latest Windows mass mailer worm could be used by spammers to launch bulk mail blizzards from computers they don't own, a security researcher warns.

    AV vendors are now reporting the Palyh worm (which poses as a message from support@microsoft.com) as a variant of Sobig-A.

    Most vendors are renaming the virus as Sobig-B.

    Sobig-A has been implicated in assisting spammers by installing proxy servers on machines it infected.

    Joe Stewart, Senior Intrusion Analyst, at security consultancy LURHQ, who wrote a paper on Sobig-A's appropriation by spammers, reckons history is repeating itself.

    "It looks like he/she is trying to do the same thing again, because Sobig-B seems to have the same functionality - acting as a primary stage, a foothold to first spread itself then download the real Trojan code later when the author is ready," Stewart told The Register.

    Fortunately, Geocities is shutting the sites down before the person(s) responsible can do much damage, Stewart notes. But he voiced concern that variants of the virus (which don't rely on Geocities) may follow.

    In recent times there have been several examples of spammers using cracking exploits to gain control of victim PCs and send virtually untraceable spam. Insecure WLANs are prone to much the same risks.

    Perhaps the most insidious aspect of this is that innocent organisations (e.g. a Vermont prep school - see New York Times story) take the blame for sending spam.

    Stewart's paper illustrates the basis for such attacks, and provides another sound reason why people should exercise diligence in guarding against viral risks.

    Of course there will always be those who don't bother, but the fewer such people or organisations there are the less of a problem this will pose for the rest of us. ®
     
  2. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    Hi ladyjeweler, thanks for including the author of the work, that is very important here for copyright reasons.

    When posting articles of this sort we would prefer a shorter description of the article and the link to the full article instead of the bulk of the message being cut and pasted.

    Thanks again
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    OT:

    The moderators of the Focus-MS mailing list (Security Focus) asked all subscribers to please scan their systems because the list was flooded with Sobig :D
     
  4. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Saw that this morning. How embarrassing... :rolleyes:
     