Mass spamming worm
Wednesday, November 22, 2006
Recently there have been a number of articles on the recent increase of junk email. It is likely that one of the causes of this surge is the result of a new Trojan written by a group of Russian hackers.
The trojan has been given many names by various security teams, one of the names it is commonly known by is SpamThru.
SpamThru is similar in nature to others that have circulated in the past, it infects a machine and starts pumping out junk email. However, this particular bundle of joy is smart enough to find and communicate with other infected machines using its own peer-to-peer network. Since the infected machines do not need to report back to a central server, it is much more difficult to stop in its tracks.
It generates and emails image spam by the bucketfull, and is smart enough to very each image slightly so that it is more difficult to detect with spam filters.
Spamthru also contains its own anti-virus/anti-spyware engine and it attempts to clean the existing spyware off the infected machine so it can run more efficiently.
In short, this one is smart - very smart. A recent study shows that of the 166 countries that have been observed to be affected by SpamThru, the United States had the highest concentration of infected machines.
As always, one of the best defenses is to make sure that your Anti-virus and Anti-Spyware software is running and up to date. Do periodic scans, and if you notice anything out of the ordinary have your computer looked at by a professional.