Original URL: http://www.theregister.co.uk/2006/06/26/directory_harvest_attack/

Junk mail scumbags in harvesting attack

One man went to mow...

By John Leyden

Posted in Security, 26th June 2006 16:35 GMT

Spammers launched a huge number of directory harvesting emails over recent days in an apparent attempt to update their email databases. The attack, which lasted several days, peaked on Sunday, 18 June when web security firm BlackSpider intercepted 109 times more of these malicious emails than it normally intercepts.

The flood of emails, used by spammers to collect valid email addresses, originated from a botnet of more than 90,000 compromised PCs, or 'spambots'. Directory harvesting emails are continuing to circulate but in far fewer numbers. Emails that formed part of the attack contained little or no text and were simply used to verify that email address were valid in cases where email servers didn't reject emails. Junk mail lowlifes then used the addresses in their own campaigns or sold verified lists on at a premium to other spammers.

"It appears that the controllers of botnets are refreshing their address lists for a big spamming push. It’s another example of how useful botnets have become to spammers – why spend time harvesting legitimate email addresses from one PC when you can use thousands of PCs to collate addresses at whim," said James Kay, CTO, BlackSpider Technologies. ®