A sudden increase in spam has been identified in the latest security report
issued today, as cyber-criminals gear up for a pre-Christmas blitz.
Spammers are using new weapons to evade detection by conventional security
software and increase their success rate, according to the October 2006
Intelligence report from security firm
MessageLabs.
One of these is a 'dropper' variant of the Warezov virus, which instructs the
infected computer to download a second component, an executable file, from an IP
address.
Usually the .exe file downloads a spam message and email addresses, turning
the infected computer into a spam production house, MessageLabs senior analyst
Paul Wood told
vnunet.com.
Using a dropper technique means that Warezov does not have to deliver all its
code in the initial infection, making it harder to detect using conventional
antivirus software.
Furthermore, variations of Warezov have been issued in batches. Conventional
antivirus software works by identifying the virus signature, the string of code
which makes up the virus.
By altering the code subtly with each variation, the virus can evade
detection until antivirus firms identify the new variation and issue an update.
Warezov variations have been released over weekends when staffing levels at
antivirus firms are lowest, which means that security firms have struggled to
issue patches in time, according to Wood.
Large computer systems which use heuristic, or rules-based, filters can weed
out these variations, but such tools are not viable for single PCs as they would
sap too much processing power.
Another weapon in the spammers' new arsenal is a spam-sending Trojan dubbed
SpamThru which employs the "spam cannon" technique. This uses a template for
each spam and combines it with a list of email addresses, similar to a mail
merge.