Meet Bredolab. Bredolab represents what Fortinet calls a simplified botnet—a "loader" that simply connects to a remote server to report and receive files to download and execute. Fortinet has linked Bredolab to an innovative new spam engine called Webwail as well as an uptick in the growth of attacker services focused on cracking CAPTCHAs. By circumventing CAPTCHA protections, spammers can sign up for legitimate Web e-mail accounts to send out spam, making it harder for security vendors to block their messages.
Fortinet Threat Researcher Derek Manky predicts more Web engines like Webwail will be developed, driving a growth in CAPTCHA-solving services. Here, eWEEK looks at Webwail and Bredolab, and shows what could be a new security threat: loaders sold as services to buyers looking to distribute malware.
of
Bredolab, Spam and the CAPTCHA-Cracking Biz
by Brian Prince
Bredolab on the Rise
After being relatively dormant at the beginning of the year, Bredolab began pushing Webwail Jan. 11, leading to a surge in activity.
Special Delivery
This is an example of a spam message containing the Bredolab Trojan. Here, the malware is disguised as an invoice from UPS. When run, Bredolab will download Pushdo, which in turn will download the Cutwail spamming Trojan and Webwail.
Webwail Gets Busy
Webwail is well-adapted for the Web: Dynamic and flexible, it incorporates library updates and a scripting engine to receive/execute tasks and is capable of solving a CAPTCHA in less than 30 seconds. The bot will report back error conditions and send HTML code not handled properly to the server so the attackers can support changes on the fly. Command and control traffic is also encrypted.
Hotmail Account to Go
As of Jan. 15, the Webwail engine was receiving commands to create Hotmail accounts—presumably to be used in future campaigns and to spread Bredolab as well.
Flexibility Could Mean Future Problems
This depicts more partial scripts to spam Hotmail accounts. "The most innovative thing is the binary protocol they have developed to work in harmony with JavaScript—a lot of thought has been put into it and it has been developed to be dynamic and adapted to the Web, likely to be used not only with Web spam but other automated Web tasks," said Fortinet Threats Researcher Derek Manky.
CAPTCHA Cracking as a Service
Circumventing CAPTCHA protections is a business, but not one that always pays well for the people doing the grunt work. The wage advertised here is $0.60 to $0.80 for every 1,000 entered CAPTCHAs. By circumventing CAPTCHA tests, spammers can use free, Web-based e-mail services to send out their wares to lower the risk of them being blocked by a spam filter.
Join us on February 1 for an encore rebroadcast at either 5 am or 12 noon EST and discover how business intelligence (BI) supports companies in uncertain business and economic
climates. Get expert advice on how to create a strategy that fits your organization's needs and budget and see how quickly it can pay for itself.
IT Security & Network Security News & Reviews News & Reviews 
iPad 3: 10 Design Ideas Apple Should Borrow
10 Hot Tech Products Sure to Fire Up the Market in 2012
iOS, Android App Economy Fuel 500K U.S. Jobs: TechNet
Microsoft's Windows 8 Minimized Ribbon, Sensors Among New Feature[..]
NoSQL Database: 5 Ways to Make It Enterprise-Ready
Facebook IPO: 10 Facts You Didn't Know Before the SEC Filing
See All Slideshows
Meet Bredolab. Bredolab represents what Fortinet calls a simplified botnet—a "loader" that simply connects to a remote server to report and receive files to download and execute. Fortinet has linked Bredolab to an innovative new spam engine called Webwail as well as an uptick in the growth of attacker services focused on cracking CAPTCHAs. By circumventing CAPTCHA protections, spammers can sign up for legitimate Web e-mail accounts to send out spam, making it harder for security vendors to block their messages.
Fortinet Threat Researcher Derek Manky predicts more Web engines like Webwail will be developed, driving a growth in CAPTCHA-solving services. Here, eWEEK looks at Webwail and Bredolab, and shows what could be a new security threat: loaders sold as services to buyers looking to distribute malware.