UPDATE:
Virus turns PCs into spam machines
Two tempting e-mails trick recipients into aiding spammers
By Bob Sullivan
MSNBC
June 25 — Another version of the SoBig virus, the fifth in recent weeks, hit Internet users Wednesday. Antivirus firms quickly raised the risk to medium as the worm started spreading rapidly during U.S. business hours. The latest SoBig outbreak, plus another malicious effort also unleashed Wednesday, show the line between viruses and spam continues to blur. What’s worse, virus writers are refining techniques to hijack innocent victims’ computers, turning them into an army of spam machines.
THE LATEST SOBIG WORM, as with previous versions, installs a small e-mail program on infected machines which can be used later by spammers.
Hijacked machines are the perfect tool for sending out spam, since it becomes almost impossible to trace the spam to its original sender.
This new version of SoBig has been adjusted yet again to outwit many corporate antivirus techniques. It spreads as a “.zip” file, a commonly used compression format. Many corporations that now block potentially infected attached files, such as .exe files or Word documents, still let Zip files through to e-mail recipients.
In the past, opening Zip files required a little extra work by the recipient, but Microsoft’s Windows XP comes with software which makes it easy — and in this case, makes the virus writers’ job a little easier as well.
(MSNBC is a Microsoft-NBC joint venture.)
Like other SoBig worms, “SoBig.E” is set to expire in about three weeks. At this point, it’s clear the author plans to simply keep pushing out new versions of the worm every few weeks in an attempt to keep an army of spam machines available, says Mark Sumner, chief technology officer of MessageLabs Inc.
“It is pretty dastardly,” Sumner said. Perhaps as much as 70 percent of all spam is now being sent from hijacked machines, he added. “This would seem to be the method of choice in the advanced spam community.”
Spam is also a factor in the spread of SoBig. The virus author doesn’t rely only on traditional programming techniques, such as reading the victim’s e-mail address book, to propagate the program. Each time, it has also been sent out to spam mailing lists, Sumner said.
In fact, the second of today’s malicious e-mails — known simply as “Downloader-BN” — is pure spam, just an e-mail without malicious code, said Craig Schmugar, a virus research engineer at Network Associates Inc.’s McAfee division. The author simply sent a spam urging recipients to visit a Web site and download a critical update for Windows. Perhaps hundreds of thousands of the notes went out, Schmugar said. Spam techniques are so efficient now, he said, that some viruses no longer have to worry about clever programming techniques to spread their worms.
The good news about Downloader-BN — it was apparently a one-shot e-mail that’s run its course. The bad news — recipients who followed the link were tricked into downloading a Trojan horse on their machine which could also be used to send spam.
Sumner thinks the blending of spam and viruses is likely to continue.
“In the past, with viruses, it was about malicious intent,” Sumner said. “The big difference here is there is money in this.”