Experts ponder spam, worm-writing connection

As more spam relays are being choked off, experts are examining the possibility that spammers are using worms to do their dirty work.

The glut of virus and worm-writing tools available on the Web has not only created an army of script kiddies but quite possibly elevated the danger associated with spam.

Spammers' motivations lie in turning a profit, unlike online vandals, who are trying to impress their chat room counterparts. As more channels for spreading bulk e-mail are shut down, some security experts fear that spammers are turning to worms to do their dirty work, or are getting in league with writers of malicious code.

Several pieces of malware this year contained enough spam-related components or consequences to merit further examination of the link between the two.

"Spammers are becoming more technically savvy," said Vincent Weafer, senior director of antivirus research for Symantec Security Response. "They'll use whatever tool is convenient and effective for them. It's a tenuous link right now between spammers and virus writers -- no one has been able to prove that link."

In the last three weeks, several variants of the Mimail worm have raised red flags about a connection to spammers. Mimail-C, for example, attempted to launch a denial-of-service attack against antispam and spam blacklist sites. In August, the massive Sobig-F worm dropped a Trojan horse program that some experts speculated could be used as a spam relay.

"Sobig did open a relay, but there's no concrete evidence that it was written by a spammer," said Graham Cluley, senior technology consultant with U.K.-based Sophos PLC. "We do know spammers have under their control some networks via relays and are using these machines as zombies to send spam."

Many Tier 1 Internet service providers and Internet backbones subscribe to spam blacklists like those provided by Spamhaus.org, one of the targets of the Mimail-C worm. Spamhaus, for example, has a database of spam sources, spammers and spam support services that ISPs use as a blacklist.

"A lot of open relays and other avenues for sending large volumes of e-mail are closing," said Chris Belthoff, senior security analyst with Sophos. "It's a logical thought that some spammers have turned to virus writers or are writing them themselves to take advantage of ill-secure e-mail servers."

Clearly, the financial motivation is strong for spammers. Enterprise e-mail administrators, meanwhile, have to deal with spam as a capacity, bandwidth and productivity problem. Patching vulnerable systems keeps a company from becoming part of a spammer's zombie army.

"Worms are one way a spammer can set up a large set of machines to do their bidding," Belthoff said.

Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close