02 Nov 2006
A sudden increase in spam has been identified in the latest security report issued today, as cyber-criminals gear up for a pre-Christmas blitz.
Spammers are using new weapons to evade detection by conventional security software and increase their success rate, according to the October 2006 Intelligence report from security firm MessageLabs.
One of these is a 'dropper' variant of the Warezov virus, which instructs the infected computer to download a second component, an executable file, from an IP address.
Usually the .exe file downloads a spam message and email addresses, turning the infected computer into a spam production house, MessageLabs senior analyst Paul Wood told vnunet.com.
Using a dropper technique means that Warezov does not have to deliver all its code in the initial infection, making it harder to detect using conventional antivirus software.
Furthermore, variations of Warezov have been issued in batches. Conventional antivirus software works by identifying the virus signature, the string of code which makes up the virus.
By altering the code subtly with each variation, the virus can evade detection until antivirus firms identify the new variation and issue an update.
Warezov variations have been released over weekends when staffing levels at antivirus firms are lowest, which means that security firms have struggled to issue patches in time, according to Wood.
Large computer systems which use heuristic, or rules-based, filters can weed out these variations, but such tools are not viable for single PCs as they would sap too much processing power.
Another weapon in the spammers' new arsenal is a spam-sending Trojan dubbed SpamThru which employs the "spam cannon" technique. This uses a template for each spam and combines it with a list of email addresses, similar to a mail merge.
Do you agree?
If no one used your service, you wouldn't offer it.
Why can't we go after the businesses that hire spammers and hold them responsible both financially and legally?
Posted by: James Nelmes 04 Nov 2006