Technology: The business and culture of our digital lives, from the L.A. Times

| Main |

More spammers now selling semi-real stuff

12:22 PM, June 16, 2008

Security researcher Patrick Peterson CORRECTION JUNE 16: An alert reader pointed out that we are now among those who have botched the reporting on some of Google's findings about malware. An original version of this post from June 11 said that more than 1% of the first listings link to dangerous pages. In fact, it's more than 1% of all search results. The "I'm Feeling Lucky" button can be hijacked, other researchers say, but that's a separate issue.

-----

We reported this morning on a new study by Cisco Systems' IronPort mail-security unit. (IronPort security researcher Patrick Peterson, at left.) The final version of the paper is now available, although you have to register before you can download it. The document is a deep dive into one of the most effective Trojan horses of all time, known as Storm.

The most interesting part isn't the technology, although that's quite impressive. And certainly other spam operations have by now captured more computers in unwitting homes and offices to turn them into spam-spewing zombies.

What's most interesting is the convincing link between Storm and a thriving real business, albeit one devoted to manufacturing imitations of branded pharmaceuticals. It's not that the Eastern European author or authors of Storm suddenly wanted to go legit. But they realized that the best way to make money from spamming was to have merchant credit card accounts, which means they can't simply rip off all of their customers.

So voila: When you order the drugs, you usually get roughly the right amount of the active ingredient. Though we don't recommend trying that.

Two other tidbits from the report: The bad guys have defeated the CAPTCHA system: the muddled letters and numbers that, in theory, only humans can decipher in order to open e-mail accounts.

And they have also gotten slick enough at search-engine optimization that more than 1 in 100 of the links returned to users in Google search results contained malware. So before you click on Google's "I'm feeling lucky" button, please consider whether you really mean it.

-- Joseph Menn

Photo: IronPort


TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d8341c630a53ef00e55366f4318834

Listed below are links to weblogs that reference More spammers now selling semi-real stuff:

Comments

Not a bad read, but there is NO mention in the entire 16 page PDF document about "the bad guys defeating the CAPTCHA system", so I'm not sure where you got that idea.

Thanks for catching my slip-up. For some reason, that finding was touted in the press release but not the final report. And while the report is on the IronPort site, for some reason the press relase is only on IronPort parent Cisco's site. Here it is, though: http://newsroom.cisco.com/dlls/2008/prod_061108c.html.

Post a comment
If you are under 13 years of age you may read this message board, but you may not participate.
Here are the full legal terms you agree to by using this comment form.

Comments are moderated, and will not appear until they've been approved.

If you have a TypeKey or TypePad account, please Sign In





@latimes Tech, always on...


Follow @latimestech for <140c updates.
Recent Comments
Tales from the people who answer KGB's text-message search queries
Seems like a cool service if youre on-th...
comment by jeremy
Obama addresses marijuana questions in online town hall
legalize it , good jobs and source of in...
comment by kenny
TECHNOLOGY REVIEWS
Depending on the model, your device features either a hard drive or flash drive that allows you to read and write files to it just like an external drive.
More from KTLA.com