Earlier this year, I saw some screenshots of the Zunker bot and its controlling interface. I became curious about the existence of other similar interfaces and began paying a bit more attention to the spam coming into my inbox on a personal account. After a few weeks of wandering through IP blocks referenced by the spam, I ran across an open directory containing a few screenshots of what looked like another interface actively spamming multiple products.
The following screenshot shows a statistics screen for a botnet they are currently using. Similar to the Zunker interface, this interface also has the ability to group by country. It looks like the feature is broken though, as you can only see one bot, which is originating from Poland. Given that, it is tempting to presume the owner is Polish; however, the interface’s text is entirely in English and the screenshot was found on a Russian server. It could, however, mean that the person leasing this interface is controlling it from a machine in Poland, but this is just an assumption.
Efficient Spamming?
The following screenshot displays the different types of configurations currently active on this interface. It clearly shows how the spam instances are managed. As the picture indicates, they are actively spamming pharmaceuticals, watches, and OEM in parallel. It’s amusing how they try to capitalize on their investment.
Creating a spam instance
The following screenshot indicates how they configure their spam instances. (If only they had a larger resolution!) In short, the options found on the picture indicate the following:
license.server, port and key are issued to the person leasing the framework;
log_file and the subsequent five lines are debugging options;
mysql.* is obviously the SQL server they use;
listen.ip and port is where data gets pushed from the license server regarding their statistics; and,
access.list is presumably a list of IP addresses that are allowed to connect to the Web interface.
Options found in File 2 look incomplete, but presumably feed options to the utility used to create the email they will ultimately spam. There is not enough information on the other two boxes to deduce any meaningful information.
So, do we currently underestimate the development efforts put forth by malware authors? I’d say so; it takes quite a bit of time to develop a framework from scratch for this specific purpose and the funding has to be coming from somewhere. The number of active bots is relatively low, but a total of a quarter million inactive bots is still a worrisome number of compromised machines. I find this type of information fascinating and hope to find more to keep posting cool images of the control interfaces malware authors use for their large-scale networks.
Mirapoint, the secure messaging expert, today announced that Mike Dodson, the company’s director of Security Strategy, will be speaking on “Email Takes Center Stage for Managed Services” at HostingCon 2007. via TMCnet
A law firm in Colorado has been fined by federal court after a spam filter intercepted an important court notice.
Beijing is the most prolific source of spam and viruses, according to Network Box. During June, the company blocked more than four million viruses, worms and Trojans daily, with Beijing accounting for 40 per cent of all viruses released and more than five per cent of all spam.
I use Gmail as my central email repository and usually the spam filters they use are pretty good. via Martin McKeay’s Network Security Blog
THE FBI has revealed that it has 70 active investigations into spam-related crimes. Talking to the FTC’s Spam Summit in Washington, the DOJ and FBI said that the public could expect more prosecutions from spam and botnet activities in the coming months.
Last month, scam and fraud spam surged to 14% of total spam traffic, up from 9% in March according to Symantec. Overall spam levels remained consistent in June, at about 65% of basic e-mail traffic, and image spam declined.
Security vendors and users agree that image spam is finally on the decline, but at the same time a new kind of spam is emerging that uses an attached PDF file to trick recipients into buying stock in a company.
Lawyer Frank Azar’s law firm blamed a spam filter for blocking an important federal court e-mail, causing the firm to miss a court date.
The Japanese Internal Affairs and Communications Ministry is planning a series of improvements to current anti-spam regulations in the country, and hopes to impose tougher restrictions on people and organisations wishing to send out unsolicited advertising messages.
Posted Jul 16th 2007 11:44AM by Brian Alvey. One of the nice things about not checking email for a couple of days is that I get to catch up on all of my spam. via The Brian Alvey Weblog
“And even I wind up, in all the years I’ve been doing this, I just wind up ignoring them”
If you get an offer for free gift cards to your favorite spots in your e-mail, here are some things to consider before you click on it. via KCBY-TV Coos Bay
The SSG 140 Firewall/IPSec VPN Security Appliance from Juniper Networks offers an ideal mix of performance, security and LAN/WAN connectivity for your network. via Digital Pro Sound

