SPAM - use of a client/server architecture for major attacks
Posted Thursday, January 18, 2007 4:12 PM by hwaldron
This interesting weblog entry discusses an industrial-strength client/server topology that is being used for spam generation. A central server holds the message templates plus the e-mail address lists (e.g., 68 GB worth - WOW). The spambot clients (a.k.a. zombies) then pull instructions, templates and addresses from the master servers and send out all the text- and image-based spam we have to clean up after daily.
F-Secure: Commercial-grade redundant client-server backend systems for SPAM
http://www.f-secure.com/weblog/archives/archive-012007.html#00001085
QUOTE: Oh man, there's a lot of spam out there nowadays. The Warezov gang is using variants of Warezov and Medbot/Horst to send out medication and replica spam. The Rustock gang is using Mailbot.AZ and variants to send out stock spam. The Warezov gang is apparently operating from China and the Rustock boys from Russia.
Machines infected with Medbot use a client-server architecture. They connect to a central server to get further instructions as well as spam content and address lists. Then they get to the work of actually sending the spam.
The server addresses keep changing. Last week <<URL-removed>> was used to serve e-mail addresses to the bots. While investigating the case last week, we downloaded some 68 GIGABYTES of e-mail addresses from this server.
Another good example of the client-server architecture is the service running at <<URL-removed>>. This URL serves randomized HTML templates for different spam mails. The URL is live at the moment of this posting. If you access it and reload the page, you'll get a different spam template every time.
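The quoted description gives a defender two observable behaviours on the infected host: it repeatedly polls a web server whose responses differ on every fetch (randomized templates), and it then fans out SMTP connections to many distinct mail servers. The sketch below looks for exactly that sequence in outbound connection logs. It is an added example, not code from hwaldron's post or from F-Secure; the log line format, the field names, the hostnames and IP addresses, and the thresholds are all constructed assumptions for illustration.

```python
"""Heuristic for the poll-then-send pattern of a template-driven spambot.

Added example (not from the original post). Log format, addresses and
thresholds are assumptions; adapt them to the proxy/firewall logs you have.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Conn:
    ts: datetime
    src: str
    dst: str
    dport: int
    resp_bytes: int
    url: str  # empty string for non-HTTP connections


def parse_line(line: str) -> Conn:
    """Parse one constructed log line: '<iso-ts> <src> <dst> <dport> <resp_bytes> [url]'."""
    parts = line.split()
    url = parts[5] if len(parts) > 5 else ""
    return Conn(datetime.fromisoformat(parts[0]), parts[1], parts[2],
                int(parts[3]), int(parts[4]), url)


def analyze(lines, min_smtp_peers=20, min_polls=3):
    """Return {src_host: details} for hosts showing poll-then-fan-out behaviour.

    Signals (thresholds are illustrative assumptions):
      * the host fetched the same URL at least `min_polls` times and every
        response had a different size (a randomized template server);
      * the host then opened SMTP (tcp/25) connections to at least
        `min_smtp_peers` distinct destinations, starting after the first poll.
    """
    by_src = defaultdict(list)
    for line in lines:
        c = parse_line(line)
        by_src[c.src].append(c)

    findings = {}
    for src, conns in by_src.items():
        polls = defaultdict(list)          # url -> [(ts, resp_bytes), ...]
        smtp = [c for c in conns if c.dport == 25]
        for c in conns:
            if c.url:
                polls[c.url].append((c.ts, c.resp_bytes))

        # A URL whose every response differs in size looks like a template server.
        template_urls = [
            url for url, hits in polls.items()
            if len(hits) >= min_polls
            and len({size for _, size in hits}) == len(hits)
        ]
        if not template_urls or not smtp:
            continue

        # Only count mail servers contacted after the first template fetch.
        first_poll = min(ts for url in template_urls for ts, _ in polls[url])
        peers_after_poll = {c.dst for c in smtp if c.ts >= first_poll}
        if len(peers_after_poll) >= min_smtp_peers:
            findings[src] = {
                "template_urls": sorted(template_urls),
                "smtp_peers": len(peers_after_poll),
                "first_poll": first_poll.isoformat(),
            }
    return findings


def sample_log():
    """Constructed log lines: one infected-looking host and one benign host."""
    t0 = datetime(2007, 1, 18, 16, 12, 0)
    lines = []
    # 10.0.0.5: four fetches of the same URL, each returning a different size...
    for i, size in enumerate([3120, 2987, 3344, 3050]):
        ts = t0 + timedelta(seconds=30 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 203.0.113.10 80 {size} "
                     f"http://template-server.invalid/get")
    # ...followed by SMTP connections to 25 distinct mail servers.
    for i in range(25):
        ts = t0 + timedelta(minutes=3, seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 198.51.100.{i + 1} 25 512")
    # 10.0.0.9: repeated fetches of a static page (same size) and two mails via the relay.
    for i in range(4):
        ts = t0 + timedelta(seconds=45 * i)
        lines.append(f"{ts.isoformat()} 10.0.0.9 203.0.113.20 80 1024 "
                     f"http://intranet.invalid/status")
    for i in range(2):
        ts = t0 + timedelta(minutes=5, seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.9 192.0.2.25 25 2048")
    return lines


if __name__ == "__main__":
    for host, info in analyze(sample_log()).items():
        print(host, info)
```

The "different size on every fetch" test is a cheap stand-in for comparing response bodies; where the proxy keeps content hashes, use those instead. Because the server addresses rotate, as the quote notes, the heuristic keys on the behaviour of the internal host rather than on any particular external address.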