Please wait while the page is being loaded Skip this advertisement >
ARN

Obama, Al Qaeda recruit for Rustock

Security vendors lock horns over spam, virus data.
Darren Pauli (Computerworld)  25 July, 2008 12:20:03
Have your say!
Add to Google
ARN Directory | Distributors relevant to this article
Altech Computers , ASI Solutions , Cellnet , Compucon Computers , Corporate Computer Resources , EDsys Computers , Express Data , Express Online , Impact Systems Technology , Infortech Distribution , Ingram Micro Australia , LDS International , Leader Computers , Leading Pacific Australia , NewLease , Open Channel Solutions , Simms International , Synnex Australia , Topstar Computer International , Unixpac , Westan , WhiteGold Solutions , XiT Distribution , Xpress I.T.
ARN Directory | Vendors relevant to this article
Marshal8e6 , Sophos

Barack Obama has left the presidential campaign trail and joined George W Bush, Al Qaeda and Microsoft to recruit zombies for the world's second largest botnet, Rustock.

The efforts are part of a massive coordinated spam campaign, the largest ever seen by one security researcher, to recruit new nodes into Rustock's 150,000 strong zombie army that pumps out some 30 billion e-mails a day.

The tactic is working, according to security researchers in the Marshal Trace team who report the botnet is responsible for 21.5 percent of global spam, up 11.5 percent in one month.

Rustock's spam e-mails have diversified as part of the campaign including bogus subject lines such as "Martian soil fantastic for growing weed says NASA", "Yahoo sold to Microsoft, record price" and "Bush down to 8 friends on Myspace".

The researchers claim the campaign is a success, despite that it still relies on an executable, codecinst.exe, as the vector for infection via a variety of fake news sites. The spambot can be automatically delivered to users operating unpatched Internet Explorer browsers through a JavaScript exploit.

Meanwhile, Sophos claims that attacks via email file attachments have reduced this year.

According to data from the company's research labs collected in the same period by the Trace team, malicious attachments have fallen from 0.3 percent (1:332) of legitimate e-mails to 0.04 percent (1:2500).

Sophos data claims the Pushdo Trojan is the malicious attachment of choice for spammers, accounting for 31 percent of all reports. Lucid images of Nicole Kidman and Angelina Jolie have been used to push out the malware.

The botnet campaign comes on the back of reports from Finnish security vendor F-Secure which has collected it's one millionth piece of malware.

The vendor claims 2300 new Trojans and exploits appear each day, double the number reported since the start of this year.

Sophos claims in its latest threat report that the total amount of malware in existence now exceeds 11 million.

Polymorph viruses, which adopt the signature of old viruses to obfuscate anti-virus detection, are growing faster than all other forms, according to F-Secure. Anti-virus monitors identify polymorph viruses by the piggy-backed signature, rather than the code itself, and will often only remove the known script.

Comments

Post new comment

Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Syndicate content
Careerone Job Search
Job seekers Get job alerts | Post your resume online | Interview tips | Ask Kate
Advertisers Click here to advertise your jobs to thousands of job seekers monthly.
 
ARN Distributor Directory
 
Find distributors by name
Find distributors by vendor
Find distributors by location
ARN Vendor Directory
 
Find vendors by name | Find by category
ARN Community Comments
Most Commented
ARN Library


Read Material

RSA - Secure Web Access

What can be done to protect web access? The Web has created a wealth of new opportunities, but as organizations shift from an internal to external focus, the traditional view of identity and access management (IAM) is changing. In many different ways, including regulations around the globe aimed at data protection and other processes, securing web access is creating many new challenges.

Subscribe to ARN

ARN has been the premier provider of information to the Australian IT channel for more than 12 years. As the only weekly publication dedicated to the channel, ARN produces timely, accurate news and analysis about IT business issues, products and services, new technology and market opportunities.
Sponsored Links