More spammers now selling semi-real stuff
CORRECTION JUNE 16: An alert reader pointed out that we are now among those who have botched the reporting on some of Google's findings about malware. An original version of this post from June 11 said that more than 1% of the first listings link to dangerous pages. In fact, it's more than 1% of all search results. The "I'm Feeling Lucky" button can be hijacked, other researchers say, but that's a separate issue.
-----
We reported this morning on a new study by Cisco Systems' IronPort mail-security unit. (IronPort security researcher Patrick Peterson, at left.) The final version of the paper is now available, although you have to register before you can download it. The document is a deep dive into one of the most effective Trojan horses of all time, known as Storm.
The most interesting part isn't the technology, although that's quite impressive. And certainly other spam operations have by now captured more computers in unwitting homes and offices to turn them into spam-spewing zombies.
What's most interesting is the convincing link between Storm and a thriving real business, albeit one devoted to manufacturing imitations of branded pharmaceuticals. It's not that the Eastern European author or authors of Storm suddenly wanted to go legit. But they realized that the best way to make money from spamming was to have merchant credit card accounts, which means they can't simply rip off all of their customers.
So voila: When you order the drugs, you usually get roughly the right amount of the active ingredient. Though we don't recommend trying that.
Two other tidbits from the report: The bad guys have defeated the CAPTCHA system: the muddled letters and numbers that, in theory, only humans can decipher in order to open e-mail accounts.
And they have also gotten slick enough at search-engine optimization that more than 1 in 100 of the links returned to users in Google search results contained malware. So before you click on Google's "I'm Feeling Lucky" button, please consider whether you really mean it.
-- Joseph Menn
Photo: IronPort

Not a bad read, but there is NO mention in the entire 16-page PDF document about "the bad guys defeating the CAPTCHA system", so I'm not sure where you got that idea.
Posted by: PERRYinLA | June 11, 2008 at 02:56 PM
Thanks for catching my slip-up. For some reason, that finding was touted in the press release but not the final report. And while the report is on the IronPort site, for some reason the press release is only on IronPort parent Cisco's site. Here it is, though: http://newsroom.cisco.com/dlls/2008/prod_061108c.html.
Posted by: Joseph Menn | June 11, 2008 at 03:17 PM