Thursday, May 31, 2007

MSN Spamming Bot

An image is sometimes worth a thousand words. This is a screenshot of infected bots spreading spam messages at MSN via typical !spam IRC based command and control. And here's a related article about malware on IM networks as well:

"It is not clear exactly why the number of IM attacks is increasing, but security researchers have their theories. Don Montgomery, vice president of marketing at Akonix, speculated the increase in the number of attacks reflects the increase in the use of instant messaging, particularly on corporate networks. "IM is becoming favored over e-mail as a distribution vector for malware as a result of e-mail security now being employed by 75 percent or more of companies, while IM security is only employed by 15 to 20 percent of companies," Montgomery said. "The hackers are simply turning to the open door."

Two options remain highly lucrative. Either someone’s spamming p3n1$ enlargement propositions and directing to a spam site, or the social engineering efforts aim at visiting an exploit hosting site. No more direct .pif; .scr; or .exe propositions in plain simple text, what’s exploited is mostly client side vulnerabilities and redirectors to break the ice. IM threats stats courtesy of Symantec's IMlogic and here’s a related post regarding the acquisition of the company with Symantec anticipating the emergence of this market segment and investing in it. IM propagation has it cyclical patterns which like pretty much all other propagation vectors reaching a mature level starts getting at least partly replaced by other ways of propagation.

No comments:

Post a Comment