For Mother's Day, Try Some Spam

May 12, 2007

As Mother's Day spam increases, researchers discover an unrelated application being used to control botnets in 54 countries.

Mother's Day is bringing an unwanted gift - spam.

According to researchers at security vendor Sophos, spammers have been trying to sell items like flowers, chocolates and baskets of fruit to consumers who may have not yet purchased presents for their mothers.

"The United States is celebrating Mother's Day on Sunday, and spammers have ramped up their operations to try and sell last-minute goods to forgetful sons and daughters," Graham Cluley, senior technology consultant for Sophos, headquartered in Abingdon, England, said in a statement.

"Mothers may appreciate their children being reminded by a spam to do something special, but buying goods advertised in this way only encourages the spammers to send more junk e-mail. If no one purchased the products sold via spam then the spammers would disappear," Cluley said.

Sophos experts said there are at least 23 different dates used in countries around the world to celebrate Mother's Day, but spammers focus on the North American celebration because it provides them with the largest possible audience.

Meanwhile, security specialists at Panda Software 's anti-malware laboratory, PandaLabs, on May 10 uncovered an application being used to control botnets in 54 countries.

Ryan Sherstobitoff, product technology officer at Panda Software, headquartered in Glendale, Calif., said the tool did not seem to be connected to the recent Mother's Day spam e-mails, but was a threat - particularly if it was used by cyber-criminals.

"Everything has the end-all goal - of stealing - information," Sherstobitoff said in an interview with eWEEK.

The application, called Zunker, contains a statistics section that includes graphs displaying the performance of each bot in the network, the number of available zombies and their monthly or daily activity.

Zunker also lets the user control the bots and allows the user to design the content of the spam with different templates depending on whether the message is aimed at e-mail accounts, instant messaging or forums, PandaLabs researchers said.

Although these tools are common among botnet operators, finding them is not always easy, security professionals agreed.

"The spammers communicate on invite-only forums, which are hard to get access to," said Matt Sergeant, senior anti-spam technologist at MessageLabs. "Some anti-spammers do have this access, but they don't have time to read every post or set up stings to get access to the tools."

Sergeant said he and others at MessageLabs, headquartered in Gloucester, England, suspect that botnet operators have teams of programmers at their disposal to create tools like Zunker. He suggested users take the well-known precautions of having a basic level of firewall and anti-spam protection, and urged them not to click on anything from a disreputable or unknown source.

"ISPs can help by blocking port 25 and checking block lists for users within their networks for infections," he said, explaining that the move would allow ISPs to isolate infected users and assist them with the cleanup.

Copyright 2007 by Ziff Davis Media, Distributed by United Press International