Security

This article is more than 1 year old

Why spammers lurve the ‘Microsoft support’ worm

The next Sobig thing

Wed 21 May 2003 // 15:52 UTC

The latest Windows mass mailer worm could be used by spammers to launch bulk mail blizzards from computers they don't own, a security researcher warns.

AV vendors are now reporting the Palyh worm (which poses as a message from support@microsoft.com) as a variant of Sobig-A.

Most vendors are renaming the virus as Sobig-B.

Sobig-A has been implicated in assisting spammers by installing proxy servers on machines it infected.

Joe Stewart, Senior Intrusion Analyst, at security consultancy LURHQ, who wrote a paper on Sobig-A's appropriation by spammers, reckons history is repeating itself.

"It looks like he/she is trying to do the same thing again, because Sobig-B seems to have the same functionality - acting as a primary stage, a foothold to first spread itself then download the real Trojan code later when the author is ready," Stewart told The Register

Fortunately, Geocities is shutting the sites down before the person(s) responsible can do much damage, Stewart notes. But he voiced concern that variants of the virus (which don't rely on Geocities) may follow.

In recent times there have been several examples of spammers using cracking exploits to gain control of victim PCs and send virtually untraceable spam. Insecure WLAN are prone to much the same risks.

Perhaps the most insidious aspect of this is that innocent organisations (e.g. a Vermont prep school - see New York Times story) take the blame for sending spam.

Stewart's paper illustrates the basis for such attacks, and provides another sound reason why people should exercise diligence in guarding against viral risks.

Of course there will always be those who don't bother, but the fewer such people or organisations there are the less of a problem this will pose for the rest of us. ®

External Links

Write ups of the Sobig-B (AKA Palyh or Mankx) by F-Secure and Symantec. Why oh why can't AV vendors agree viral names?

More about

TIP US OFF

Send us news

Topics

Special Features

Vendor Voice

Resources

Security

Why spammers lurve the ‘Microsoft support’ worm

The next Sobig thing

Related stories

External Links

More about

TIP US OFF

Other stories you might like

WhatsApp, Threads, more banished from Apple App Store in China

Unintended acceleration leads to recall of every Cybertruck produced so far

A quarter of 5-7 year olds now use smartphones, says regulator

A different view from the edge

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

Germany cuffs alleged Russian spies over plot to bomb industrial and military targets

Wing Commander III changed how the copy hotkey works in Windows 95

Some smart meters won't be smart at all once 2/3G networks mothballed

Your trainee just took down our business and has no idea how or why

UK unions publish AI bill to protect workers from 'risks and harms' of tech

Huawei's latest flagship smartphone contains no world-shaking silicon surprises

Oracle scores big win with Fujitsu Japan for its Alloy partner cloud

About Us

Our Websites

Your Privacy