|
|
|
Pump-and-Dump Spam Surge Linked to Russian Bot Herders
By: Ryan Naraine
2006-11-16
Article Rating: / 0
There are 1 user comments on this Network Security & Hardware story.
Pump-and-Dump Spam Surge Linked to Russian Bot Herders (
Page 1 of 2 ) The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a 70,000-strong botnet powered by hijacked computers in more than 160 countries.The recent surge in e-mail spam hawking penny stocks and penis enlargement pills is the handiwork of Russian hackers running a botnet powered by tens of thousands of hijacked computers.
Internet security researchers and law enforcement authorities have traced the operation to a well-organized hacking gang controlling a 70,000-strong peer-to-peer botnet seeded with the SpamThru Trojan.
According to Joe Stewart, senior security researcher at SecureWorks, in Atlanta, the gang functions with a level of sophistication rarely seen in the hacking underworld.
For starters, the Trojan comes with its own anti-virus scanner—a pirated copy of Kasperskys security software—that removes competing malware files from the hijacked machine. Once a Windows machine is infected, it becomes a peer in a peer-to-peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server.
The bots are segmented into different server ports, determined by the variant of the Trojan installed, and further segmented into peer groups of no more than 512 bots. This allows the hackers to keep the overhead involved in exchanging information about other peers to a minimum, Stewart explained.
 Click here to read more about a malicious Trojan that comes with its own anti-virus scanner.
Stewart, a reverse engineering expert with expertise in deconstructing malware samples, gained access to files from a SpamThru control server and found evidence that the attackers are meticulous about keeping statistics on bot infections around the world.
For example, the SpamThru controller keeps statistics on the country of origin of all bots in the botnet. In all, computers in 166 countries are part of the botnet, with the United States accounting for more than half of the infections.
The botnet stats tracker even logs the version of Windows the infected client is running, down to the service pack level. One chart commandeered by Stewart showed that Windows XP SP2 (Service Pack 2) machines dominate the makeup of the botnet, a clear sign that the latest version of Microsofts operating system is falling prey to attacks.
Another sign of the complexity of the operation, Stewart found, was a database hacking component that signaled the ability of the spammers to target its pump-and-dump scams to victims most likely to be associated with stock trading.
Click here to read more about the industrys struggles to cope with the botnet scourge.
Stewart said about 20 small investment and financial news sites have been breached for the express purpose of downloading user databases with e-mail addresses matched to names and other site registration data. On the bot herders control server, Stewart found a MySQL database dump of e-mail addresses associated with an online shop.
"Theyre breaking into sites that are somewhat related to the stock market and stealing e-mail address from those databases. The thinking is, if they get an e-mail address for someone reading stock market and investment news, thats a perfect target for these penny stock scams," Stewart said in an interview with eWEEK.
Next Page: Evading spam filters.
|
|
�������x}is㶲*�Qg5Ed[�IJ|,83T� I)$�7n�ܴPYrLb["���
��vv$IM�klJv9�;�D�;;?&ԇP|o^P�o�2t}R �
�tӌ5v�:!�
�����>�;|�/s=NN5��%�j'a]kc�F}W�2ű5m0�f
�E1;'
}>B �~5;�6��(GJ��{8�K��E!@�#�oQuB){
Cw*�Nul9�Q�!)+Jt/"(?F#&�c-4~qwF��?0/Pcw
�Ҵ���v[*v�_eߌڭA�x)�BX/��#�bF�]߂�ݿ!Hä@d`jId:4G}D`YRi 3�LmfCÑcWPpmׇVsTfFԲ;o� tG
ob=u�ק&Y!
b�S�3Mu��N_FBԿ�¥0~J
V�#vRA'�ס"�'�l_k|��uv3<$3~5 CoZeNDj%o�~�cn!Lj�Z�E&>��ؗCY͢�e���ʆ}{ʁ(GZz�}rL>-g`)sN�ͯz�JU4E9.W���~�`h-v4��NeC��i^O�YHM~g/DJ V4D���-ā�P��;5=(ǭ~o[��%Mюdy̞o���f�^҈�g�UU�Yۭlni][W^['�wf٘Y�ji�Ud�\�]bFȏwA}yڽ鑳59m}hz
�ݙOtHM��Wh:s0N/j�6O|ķ�x0���kh�`c��~@R�o�~:?^$ZW/' MDO~��u'P[,.��RrZ~@X*V��0Uhf5
t�@C�X&%Gi)"
��:u
�PsfՃ��{0-Mn
#d��Li��&ͬz��h-Aho�*K�>�:h�)9?�&Țb.L2<|)=:-`i{/��(AK/�
ڊ�5|*(if);�/3 �BD4?CzC���0!pJn|?
[�˚&�fmѝ-Ӆ�]WcM^cL
NCuƍVuJzW^�?uZ^]�L�%g�5Fd�洋вo��殣V�$cvm
Y?*CE@U~X@8ʝ81o!SG�ñA
�S&�3;,v�N��8��cNR�}�)5ٴ>�'4�}�>'�$>&Csi[nL,�s�ׇ�w4A�>�3�Oߺ|L^TŞ�+L�К��p#5m�� .>v�l��8d
$(s>w[0&w��z��t���#0{��TM`�@#,@X���C��
����k
>G\[-[�Z6x�O͙A }�(~9-R��;C1��"# 1D�EO�y3@�!$�-4a��z.��?�
�� "!bRN{
�
T6]�Hp@T�*es�KX)gQYLp[̗/)�Qf%�3{~6�cdB�|!'f�Xr`Y
�\+|�)l
Ԩ˶V-iDi$P^Cs�2 =cWVk��EU�`H�%a&x�X��vF�Όp�?X~8!� 0R�
iBI ?Lx{h[eX0�4�2�T�2q)�� f+7�Lu�Zԟ�`�Ȧ��53>�0^͘}wʠ:�'���E_
�Mý-K;xL"S6C_*8~>cp7 �P�\?Y�a�r-�'|$@]<>+WePÃ�"`"+42��E̞��(��[L8,NBuOSjSD�cS 6_2��C+8��L)Esr�&�!�w'ы8z퉟8ͪ�k!BZ^t x9�JeO^�ֹ�P+=� K
�rP
0t��ZZE"b Ej7{\Z2,c
|,>4AN/a:+)9H�o�]��pZ#�{��_oUK�w3@�ļm)ZH�r9�vn�� �ʸaJYͤ
Yj6O\�ȃ��!ӧ_!���|<6H)
z�7HpJa e�-֓BSUmg`m1Jx>x#�d4�6��V,'#�#�ҵ�;�¤wZSv˦Կ>YQ>Ϯ[- �v+�U}�=cG�L�mRGM�B�W�{W+H�X z6V&L~�5<2ιe]P�\,_#|`::w�I<��ұY�4���hS\E3kHb4"*paBX�a0
S]�JU�|QԼewPy;�6�
�rCilv�pq`(1z3:uf*_Mw;$!Wo�}TSLqa
֚�D r�.c"�;�2"t�n�_8R" @�4�ÀЇ��BK
SL@Χr~y� �
b
(h
bIzpSE��+n
_0�B�fT!rB�3�=?��X!:挮~`;t!ٯJ�zrhUUԎjVC�gGU�tq��GN tɕ,JMޫ0p c.z$ c�0+E
��/ÌTU5�ܧ+i
~>V�6ʼnG =̂q=@W4Uud
Z 0��(�Eh0�qD��N��ҀJ��Q�ƙl)=P˥e;/NPd�[Ђwak%4g{J[d�`"Kj�U>+U,jl�T�Z�:�-,�H+0���o
�c5}�u��:*ʾ_ٳi�zoB6E`ԌLtpȐ�NǕ�W,ȡ2tZ\A�q�wPB�"=oڊ�34o$�LkRt&O;+JON�]m(}�g^�LZDKuc`�ᄇ,�?C��Ⱦ� ,(BR#7cu[w "qSՎ )/{
~:ꪦUR1|,t̩,F�f|ĥC{g]a+w�22ϓF�
[/ U4�<@�n<7�DVێI�9dY�b:9K69�89dJ y3� Y�s,��NQ-_Gd�vPͳ|�f 4D~�\D"p-�ōYip�zCdD"mG=%�m�(.I;`k�R^RQ�x@"TA�ұg.@C׳@g.5^y"
ς2p[��Z�p9�Ѓy^IWGFXTMO`�U!T�PԀO{c_7)~b$EC9'*�iZ=$>JS=R�tqy-NoTrTS+JJЛgQ�!Ӓx-%2 �3\t8O+hs)p~�/O'PFFM�%0]<�TV<^���993קAHL;zf�^P��.+��fv"ُ0o�v#X
0$#�ް�J7eVV5I`˴}I+$uYt�18pxnX��G�=�^UH&r7f�_S_S]����<|�����:)xT-kZ��b[Ԫ�w��>"�4�G�pBR?=beO�p?n ]�~ZUj�
GrF2x�e�-xœ/
%"D6xtL�V*����xA!RēC�cI`���gU�I��� ���N�v� �~{B�n�+�}$/O[��I˯﮻/Ovw5F<7�r`cpV=(; J@�cG$bw}BWsz^^5OOۗk^a�=h��F��!��wnG4ߵ/ŗlO�k\/[R ~Jz0��Լh�� �� k@JA=�o8m.�Y%36P���^S�(+RJ�"4FYM ܢgu3��f��Rt4D?LEr�}#RB'Դ�ӓ4/iY(yqjhd�ꒈ~�~$i&'ءX�ԛ�]5/7'8{�H�po6+PyuX`�L`yl*Z�E2��C}Ҽ�`e>R![yQa}ki-�Y[Y�UH�?�Í�b!�<)D�qzHDCr^T��FfU&Ա0Ak�H:.�tFn��ÝԂ+*`�@,�2k��q
³4/�p���>�8dΓd�fc�T$c\�1!�� zNh�1rS
_{cI��w[uvp߁�؆H.�Er k�G�VɍeiXw|SM`aEvpx\J�|[<,'�Mw[�GN'͋~4/?A
�W�{�O$S��}G��W+u�\�=e1d>HАYc=ty�8#�-[^vzF]�F=jo~vsW}�Ǎ>-8t�Ǡ^C~�Ҁo#I1&�ZQP�WdU)I=Y)ěƓ8�L�b[�pd&QzvAK�JG3`̾�qKW�bR��c��X�]&
{~W�G%u\�{Ze�QJ=�;/qM@kʜ%%դE6/I~�SD��D6Kh#iv.R;K
!bidOc@/lm*輳�&2�O�
a[CV
lIG
Ip�8��Pz�prv�Ɣ@ljl�� 41Q���M� ��5�6D��N8�
X��g+Oi�ƿ'%gc#ZT=�9b�G#goEuvFeRR% &Lي�u�ruWLw/=u|)Fv�JDñR=�Ǿ
[�G�3E�h/nc���Ylm�bGxaF^�̑c&��ze!NՏw�̠�}.v�Ot*�䩜y��L$J�j
N*�t@:!*�ip�:)7zQsd.:rF�H2�A_BlR
<@>w量Bb4#o��ΜCxӔ
�\;K]1q~Pb�!>qNT=zc[�N>jig5�XR1�f�}Ŕ];*r-YA,WA�%*v�oWH]JCye�bUSX�x"ߦTrjt�W�pN/D(\(uH<9Zf!@�hdd.�!d��dݦ~8Nj3N2,U�;87iԔ3Jj_mh6`cq=,Ͷh;� ez6��v ��*O,CMm�j]|u*e<�=YI-dX�~͙o+F�B��#6\:�+W:!r|X��N\�,~GyT̀$�� ts�=�`��\`5ª�^
�QmD�7{�=M�s"�9(6J�3]-x�sNoa
"!95Hx%�#5���R`���D@��!�DbPMǓpƆ6xy[QҋM; �t@�i��<�7�sإ͏u KD]u~[\���XV7e5Q_I�vP깶)w`Xs�&[*+� C��$�()xϷ*""SPo<ҖhUyy:O@&nB�3<�|5Bc)�U=|C:!��ApD#18π��٬'$^O@ib/"��I-g�bA92�zuGǡ\@�p���ᐸ�psh�ak�ؖHnX�bshw40}pf�eRYt\cRT"5�c-:d����� y�%�pߖ&{"Yb.{2��O�;vLkg","*GD�����RE)�`MtYcy�f-7�y�s�/��C|]�m�S��ZLcUɆbV$vn83
J1t'\M�Nt_vFm{D�q�ƪ
�ÐMpL-[�J�¸]S㐰
%a$X=t>-��
�(x|P#ĵjQ>ⱄohc>�k�ֽαt!f#�1]?Om�De.Vaј{I\ϩ͒Ρ(`>�E��5
��QZx9kTkLuH1|4�+#Hщ�fռݪaBC;_"Sܻ0QdQ�f�Tйi`U��o`ݱ:�cW/��]_gËp>M8kɹ!g�zm{q%�.⛽I2��́+ķz4
<[l[\W�^B|C-(vj}+fjDR�i��[�o�n6௶�a2(>⧞Tuσ�dhkk�O�]8du^);q;5}vu�0v3=
z!(f� �ʬ�+܉ZIHg�cS8w�4T2,,-U@BFg7�X�-8�"��=0-Nxtowwv]g��2�εW
�5x��d]"6�N�}/[r/6_�i$}�e�1n96E,�C &p6P]?�z�Uct�Sy1< �nDt jq�0waN��:φx]q{QDFʼn�ܳEx8߷~i{
e�S�ZWIYo1sx_�H����?=�w2ct�啤�n z{�8ދ?C�*�nO2;O?�]�-Y?�Q�Cu&߯[zϩ[TD#?�OD)PG%�@~뇺����}
F8�O�H ""
7)���B~\l� U\VM:@��
=_eW:#�AU13ʉmOHx�IM�-3ƝϹB/o1�@.H�e
��hq�Cv�D�2aK��B6��?ė�}�
8Dq$ v�Nz@�m�!2~j*b�dF�yAx!�Fv̏;�Kb+.6Q{$I2pͿ=-��P-o7ČU#r�d! `,%7��TXB0h�Ļ(ĒI
�9���^Rlqn/����9sf4�1%!�]�q>ƘKjtVS�咋�R09B,w%[�dLox?B鞐ք1��vWMz
ԣ:BMeRTU"j�%�gx3�7נǃk1g5܈
�xm; q�sm;5Į
Z�u3FYG�V$VYM� ;�Ӏ9A�y�ĦCa̷UKphZ ǁ;
�APXb�s);� >xo/�5!�I{m��I't:s
N0ډ�J J���?/2RmF�ΝN3E7W۳��Ll%g{+3�66Ƕl�vn|D�uv�7H X�kc{�±@�>[ah濾#RF¯R��9�̪� f㍸=0EU5�Tb0uv_nֿ�|Ɉֲ6m�b=qH| E�QS0��"�\��Ѝ�B9ϫͲ;I/P}�Y?!d=a��'̃3u?|۹zK!ꃶ>J-~'���>+�3>�+$zLD�> XPpM~<��UI٫Tq�N����,X/LKt4*:7"�>m;A=~tLL�RO�"< nn̈́��KCVY`Oh$�}Yb\�SW,d�b"1��y"��qujl_M{�a/!�I@��k�`�0ؑ?MHG��7%�`���3~�9a6$�.~W Sx�wr�x7tX$l.c₵
к�lM?�#ᘭ#!K%I� HSvr֨n~)�J HBR/sO0�ᑩ\S8�/ȘhD
M(qTiK$�{`:Yj�s!aZ;�Q/�B�<ⱴ�P�L<'�<(7,Xy�뽉e�2'���x���b֔J$r�|:PJf�ٕa*걪VR;Ǖ/?�(^<�;Uk2QqҹJV!�J�`z�zA
dh8{߃J�
-C#�.a@}lF�Dwn�9��ͫ{M"ǽUݽ$ǭ
k¶-�~?V9~<^}:Mx(o/PJ�E_C�Nia�>3��yzz|j%om8�5go|v=�,fy�P�M�/ǭ��}�j4=6wa\q���4ħEOB#ryT}n�"W(5�)'MfNy�ʻ9@VN .?��]N߽ۅy{uyhC9L2�B^NG(�_�kO��<@N�};@N�}:'��g'?;�D��)?@?r;P)�K��..n~+�W9s�r����忭.�>>@rC�~�~�rw�7y79{��wi['I9v�ʛ9rּ۩�qNy8J�E^�S^9L.r�&{#sg#�S{W�K0TtůM5n+�ǤZ6tv��__@�%\e$2/MC[P�/<*^}�Mq�4
k 7�_E�b=>�b�槴K��x崝#&[JŻ2o*,7�cŘNXE�9s8�WɴVی �S##�|,y�
|�SAt��b�_AR-c�#]q�N8�5�P7].�6pqQ0n/c+ �4���ث�.Hkz>s5�[xmcQ*V��Ymx
0l#;W)%@9$�La׳ﰌL\�Pcg~&ɱ=s]L�
YI�#,�XA0|{I�g3ېMX9gl]*b�"�5
ѓIF�?=; ?n
39.g�M��
ıG�9Яǭc�ˡ�;|;ed`�
NuOЫ�HG҇]"�9�oޛg��΅*;2A$h8U�g�fx
%sPج1f�QSl*
u
$zHN�7}��ޜIB#�|^���(09�w]^<�t�=4w[ .Mr�"�n#xn���!n�ݗ[��/N�篕jkNK<�Ix1@x�>}r)�1-�XӸƠ�Q^�I3Zc7"9ݜ�ݿ2aс(Y�ŝ{XmDX�>�̆I�W"nr';Ӏ,<�Tv#0?��Fӥc�X00wYW�-�'/Հ�m'�[_�{j��Y3!?gpI�fd<��b2OZ>ಓ:W�`�(cy��x&f%b P|_A�;\�5D�='�܄0EO
|6����͇G�&l�����C~rh=E(y��7�4��"�7q�>+s��o�27���X�&}#;Ç5
h9Q)x�a�t(E̮�hD V_�z!$~ŗ��<�>L4G�3&ٹc9*5>S�b��N�aDR��}F�0yNm�v8N@9DyPޙ!/[vcSF)��'VNp�)hDA�܀y�<٣u��ğ m��; 3C��]@M�[xA\`T l�d@Nlo�M5]1�ue|�nqW:��7�Ge Lt8=B3`�ܐ}o��p�?��sQnT [��r@㓉bܢ�����\n��.�i}.�KE0��x,8.� +mfN[�稹kv��WvmwY^�:��uG=�?�h�ym�x�:< ׁ]"�b�1{×J1~�S.t��tYli�@�J]=�� �mE73B*�| X��`GI�4{Wz5q�좢e��..Daa"^o1n,$�A�^X�gw{,*)v�e�6�/l�XGڦJM¶":qpxm;}�+{.^V2��X!x\�v�$1�9�a�|X���Q|u��Ϗp�`��f6�뙣?\g0^m�,eHcKqd!5"�$䰭Z�']DYhX!L;,lqFd%e��2JACb�0w����lv�S#;Tf7}O �攠
ϰ"�- s�Wm��xDx\N\�5E~1zpP��VqܨʹkcRK2A5F�e�l߁)�H'BH~Ð`!cXq�k @{k�6�=<��ϺrIQS|�J);�O���.@}�P��
=`#hxb
"��>�v$ݐ�ż"D0;qVTHk(LΡobШ
aևl&~͘&TH.���.�ӷv!{h�Zq�|_E>�OdN<=�&Idy�{S/|1�_<|:L+?�Nr�+�?�aebs�|h-܍S,{ٗΚCRI>P�}���<ځv? a�
ѸTǓ�ߴKO��,�ںqK'<�mGx{}ʂ`�Rw�P7Ir�fͳ��Ǜ|GbP<ˬZUI#[o[�b&-�Y.ɁR/mt�Ǎo=�Y)lئd�U4K�ßkj�ŗbk�Tʩdi�7�v6Є
Вb7&�i�1ղ�j&��
|
Network Security & Hardware 
