Spam in September 2010: ZeuS-Related Arrests and the Final Days of SpamIt

Users of the LinkedIn social network were the victims of one of the biggest spam
attacks in September. The attack saw a host of messages being
distributed with a link to ZeuS, a malicious program which has been the
focus of many an antivirus company’s attention. The messages came in
spurts at the end of the month and displayed headings such as “LinkedIn
Update”, “LinkedIn Messages” and “LinkedIn Alert”. The body of the
message informed recipients about two unread messages.

When a user clicked the link, their computer was infected with one of
the variations of the Trojan-Spy.Win32.Zbot (ZeuS) program. The link to
the ‘private messages’ either led to automatically generated
second-level domains in the .info zone or to hacked domains in the .com
zone (in the latter case the links ended in 1.html).

The ZeuS theme continued with the arrests of several dozen Eastern
Europeans by U.S. and British authorities. They were accused of using
ZeuS to steal $70 million over the last eighteen months. The criminals
had laundered the money using fake credit cards with credentials they
had acquired with the help of ZeuS.

The arrests appear to have forced the other members of the criminal
gang to lie low, at least in the USA and the UK: on September 30th, the
day of the arrests, mail antivirus programs in these countries recorded
a considerable decrease in the number of Zbot (ZeuS) detections.

The other big event in September was the imminent closure of the vast
criminal partner program SpamIt, notorious for its commitment to the
Canadian Pharmacy Viagra brand.

“Our spam-related forecasts for October are, on the one hand,
positive – the closure of SpamIt at the end of September will no doubt
affect the amount of Viagra adverts. On the other hand, the end of the
month was marked by a growth in emails containing malicious code, which
means the spammers have already switched from advertising
pharmaceuticals to spreading malware,” said Maria Namestnikova, Senior
Spam Analyst at Kaspersky Lab.