Hacking has gone commercial! What was once a playground for script kiddies, as well as hackers trying to build online reputations and earn bragging rights, has turned into big business. Spammers--and, increasingly, phishers--are using malicious mobile code (e.g., worms, viruses, Trojan horses) to spread rogue email messages.
According to MessageLabs, a leading email-service security provider, spam accounted for 73 percent of all email in 2004. What might surprise you even more is that compromised, open SMTP relay servers didn't send most of that spam. In its October 2004 report, MessageLabs also revealed that the source of 70 percent of the spam was spambot networks. Let's take a look at what spambots are, how they work, how they pose a threat to your environment, and how you can combat them.
What Are Spambots?
Spambots are malware specifically built to find innocent machines, take control, and send spam. Early spambots roamed the Internet, harvesting legitimate email addresses and forwarding them to the spammer or taking advantage of SMTP servers with open relays. Today, spambots have mutated into self-replicating, self-updating, mass-mailing spam engines. In a typical scenario, a spambot uses a malicious mobile-code vector to infect a PC. The end user either clicks a rogue email attachment, letting the spam worm exploit an unpatched buffer-overflow vulnerability, or the user unknowingly installs the spambot in a shareware scenario. The spambot then installs itself into one of the computer's many auto-run areas, sets up an SMTP engine, and begins sending spam messages. . . .
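Because an infected PC runs its own SMTP engine, it shows up on the network as a workstation connecting straight to many outside mail servers on TCP port 25 instead of going through the organization's mail relay. The following sketch is an added example, not part of the original article: it scans firewall log lines for that pattern, and the log format, address ranges, relay address, and threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions (not from the article): internal range, approved relay, threshold, log format.
INTERNAL_NET = ip_network("10.0.0.0/8")
APPROVED_RELAYS = {"10.0.0.5"}   # the only hosts expected to send SMTP to the Internet
DISTINCT_DEST_THRESHOLD = 3      # distinct external mail hosts before a source is flagged

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample firewall log lines (documentation address ranges).
SAMPLE_LOG = """\
2004-10-12T09:00:01 ALLOW TCP 10.0.0.5:40122 -> 198.51.100.10:25
2004-10-12T09:00:02 ALLOW TCP 10.0.0.23:1045 -> 198.51.100.7:25
2004-10-12T09:00:02 ALLOW TCP 10.0.0.23:1046 -> 203.0.113.9:25
2004-10-12T09:00:03 ALLOW TCP 10.0.0.23:1047 -> 192.0.2.44:25
2004-10-12T09:00:03 ALLOW TCP 10.0.0.23:1048 -> 192.0.2.80:25
2004-10-12T09:00:04 ALLOW TCP 10.0.0.31:2210 -> 198.51.100.10:80
2004-10-12T09:00:05 ALLOW TCP 10.0.0.31:2211 -> 198.51.100.10:25
garbled line that should be skipped
2004-10-12T09:00:06 DENY TCP 10.0.0.40:3000 -> 203.0.113.9:25
"""

def suspected_spambots(log_text, threshold=DISTINCT_DEST_THRESHOLD):
    """Return {internal_ip: sorted external SMTP destinations} for hosts at or over threshold."""
    dests = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] != "25":
            continue  # unparseable line or not SMTP
        src, dst = ip_address(m["src"]), ip_address(m["dst"])
        # Only workstation-to-Internet SMTP matters; approved relays are expected to do this.
        if src not in INTERNAL_NET or dst in INTERNAL_NET or m["src"] in APPROVED_RELAYS:
            continue
        dests[m["src"]].add(m["dst"])  # denied attempts count too: the host still tried
    return {ip: sorted(d) for ip, d in dests.items() if len(d) >= threshold}

if __name__ == "__main__":
    for ip, targets in suspected_spambots(SAMPLE_LOG).items():
        print(f"{ip}: direct SMTP to {len(targets)} external hosts: {', '.join(targets)}")
```

Counting distinct destinations rather than raw connections keeps a single misconfigured mail client (one outside server, many retries) from being flagged alongside a mass mailer.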

