Bugwatch: The emergence of convergence

The line between spammers and virus writers is becoming increasingly blurred

Natasha Staley

This week Natasha Staley, information security analyst at MessageLabs, considers the sinister and growing trend of spammers and virus writers incorporating each other's tactics.

Spammers are often regarded as a pretty unsophisticated bunch when it comes to technical skills.

Adept at sending hundreds of thousands of unsolicited commercial emails they may be, but they are rarely renowned for using sophisticated techniques in order to facilitate the spread of spam.

Virus writers, on the other hand, are generally thought of as a technically superior group.

Although some of them have only basic IT skills and may even use 'kits' to write viruses, others are experienced programmers capable of producing increasingly complex malicious code.

But the line between spammers and virus writers is becoming blurred as each makes use of tactics typically associated with the other.

As a result, we are seeing spam that incorporates methods for harvesting emails and bypassing detection, and viruses that manipulate open relay servers and open proxies in order to spread further.

Possibly the most prominent example of convergence is the SoBig family of worms. Each version used a slightly more sophisticated method than the one before, culminating in SoBig.F, the most prolific virus of 2003.

Not only did SoBig.F manage to spread at an exponential rate, it used a Trojan to subtly install open proxies on thousands of machines the world over.

Spammers could then send small volumes of spam through these open proxies before moving on to the next batch. The relatively low amount of activity helps to ensure that no alarm is raised.

Estimates suggest that 60 to 70 per cent of the world's spam is sent through open proxies, indicating that this kind of technique is more widespread than previously thought.

There are several reasons why this trend is likely to continue. Neither spam nor viruses show any signs of abating, so it is natural to assume that, now their paths have crossed, the perpetrators of each will find more ways of using 'borrowed' techniques to achieve their purposes.

The most compelling reason to believe that this convergence will become one of the dominant IT security themes of 2004 is the fact that it works.

SoBig.G isn't too far away, but I'm willing to bet it will be just one of many pieces of malicious code constructed using convergence.
