Once a Windows machine is infected, it becomes a peer in a peer-to-peer botnet controlled by a central server. If the control server is disabled by botnet hunters, the spammer simply has to control a single peer to retain control of all the bots and send instructions on the location of a new control server.
Stewart said about 20 small investment and financial news sites have been breached for the express purpose of downloading user databases with e-mail addresses matched to names and other site registration data. On the bot herder's control server, Stewart found a MySQL database dump of e-mail addresses associated with an online shop. "They're breaking into sites that are somewhat related to the stock market and stealing e-mail address from those databases. The thinking is, if they get an e-mail address for someone reading stock market and investment news, that's a perfect target for these penny stock scams," Stewart said in an interview with eWEEK.
The SpamThru spammer also controls lists of millions of e-mail addresses harvested from the hard drives of computers already in the botnet. "This gives the spammer the ability to reach individuals who have never published their e-mail address online or given it to anyone other than personal contacts," Stewart explained.
Stewart discovered that the image files in the templates are modified with every e-mail message sent, allowing the spammer to change the width and height. The image-based spam also includes random pixels at the bottom, specifically to defeat anti-spam technologies that reject mail based on a static image. The botnet is theoretically capable of sending a billion e-mail messages each day, each with multiple recipients, and the total volume of spam has increased by 500% in the past 3 months.
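The per-message image mutation described above is aimed at filters that fingerprint a spam image by an exact hash of its bytes. The following added example (not code from the article or from SecureWorks) shows why that fails and what a filter can do instead: it builds a constructed stand-in for a template image, applies the same kind of mutation (random pixel rows at the bottom and a changed width), and compares an exact SHA-256 of the pixel data with a simple perceptual "average hash" computed on an 8x8 downscale. The image layout, the mutation parameters and the match threshold are assumptions chosen for illustration.

```python
import hashlib
import random

SIDE = 8  # the perceptual hash works on an 8x8 downscale, giving a 64-bit fingerprint


def make_template(width=32, height=32):
    """Constructed stand-in for a spam image template: left half dark, right half bright.
    Pixels are 8-bit grayscale values stored row by row."""
    return [[0 if x < width // 2 else 255 for x in range(width)] for _ in range(height)]


def randomize(image, extra_rows=4, extra_cols=2, seed=1234):
    """Mimic the per-message mutation the article describes: append random pixel
    columns (new width) and random pixel rows at the bottom (new height)."""
    rng = random.Random(seed)
    width = len(image[0])
    out = [row + [rng.randrange(256) for _ in range(extra_cols)] for row in image]
    for _ in range(extra_rows):
        out.append([rng.randrange(256) for _ in range(width + extra_cols)])
    return out


def raw_digest(image):
    """Exact fingerprint: SHA-256 over the raw pixel bytes. Any mutation breaks it."""
    data = bytes(v for row in image for v in row)
    return hashlib.sha256(data).hexdigest()


def average_hash(image):
    """Perceptual fingerprint: block-average the image down to SIDE x SIDE cells,
    then emit one bit per cell (1 if the cell is brighter than the overall mean).
    Cells are visited row-major, so the first cell becomes the most significant bit."""
    height, width = len(image), len(image[0])
    cells = []
    for i in range(SIDE):
        r0, r1 = i * height // SIDE, (i + 1) * height // SIDE
        for j in range(SIDE):
            c0, c1 = j * width // SIDE, (j + 1) * width // SIDE
            block = [image[y][x] for y in range(r0, r1) for x in range(c0, c1)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for value in cells:
        bits = (bits << 1) | (1 if value > mean else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two 64-bit fingerprints."""
    return bin(a ^ b).count("1")


def same_template(a, b, threshold=10):
    """Assumed matching rule: two images share a template if their average
    hashes differ in at most `threshold` of 64 bits."""
    return hamming(average_hash(a), average_hash(b)) <= threshold


if __name__ == "__main__":
    base = make_template()
    mutated = randomize(base)
    print("exact hashes equal:   ", raw_digest(base) == raw_digest(mutated))
    print("perceptual distance:  ", hamming(average_hash(base), average_hash(mutated)))
    print("flagged as same image:", same_template(base, mutated))
```

The exact digest changes with every message because the byte length and trailing pixels change, so a block list of known-bad image hashes never matches twice. The average hash is dominated by the large dark and bright regions of the template; the appended noise only touches the cells along the bottom edge and right edge, so the Hamming distance stays small and the mutated copy is still recognised. Real filters use more robust variants of this idea (DCT-based hashes, OCR of the rendered image), but the principle is the same: fingerprint what the recipient sees, not the bytes the spammer controls.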