IT Security & Network Security News & Reviews: Bredolab, Spam and the CAPTCHA-Cracking Biz
Bredolab, Spam and the CAPTCHA-Cracking Biz
by Brian Prince
Bredolab on the Rise
After being relatively dormant at the beginning of the year, Bredolab began pushing Webwail Jan. 11, leading to a surge in activity.
This is an example of a spam message containing the Bredolab Trojan. Here, the malware is disguised as an invoice from UPS. When run, Bredolab will download Pushdo, which in turn will download the Cutwail spamming Trojan and Webwail.
Webwail Gets Busy
Webwail is well-adapted for the Web: Dynamic and flexible, it incorporates library updates and a scripting engine to receive/execute tasks and is capable of solving a CAPTCHA in less than 30 seconds. The bot will report back error conditions and send HTML code not handled properly to the server so the attackers can support changes on the fly. Command and control traffic is also encrypted.
Hotmail Account to Go
As of Jan. 15, the Webwail engine was receiving commands to create Hotmail accountspresumably to be used in future campaigns and to spread Bredolab as well.
Flexibility Could Mean Future Problems
CAPTCHA Cracking as a Service
Circumventing CAPTCHA protections is a business, but not one that always pays well for the people doing the grunt work. The wage advertised here is $0.60 to $0.80 for every 1,000 entered CAPTCHAs. By circumventing CAPTCHA tests, spammers can use free, Web-based e-mail services to send out their wares to lower the risk of them being blocked by a spam filter.