SCF Advanced Search

banner

banner

Members
Stats
  • Total Posts: 38467
  • Total Topics: 13016
  • Online Today: 1193
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









banner

Post reply

Name:
Email:
Subject:
Message icon:

Verification:
Type the letters shown in the picture
Listen to the letters / Request another image

Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

shortcuts: hit alt+s to submit/post or alt+p to preview


Topic Summary

Posted by: Samker
« on: 03. May 2008., 12:40:08 »



Security researchers have discovered a complex spamming scheme that hijacks users' PCs in order to attempt to send junk mail via university and military systems.

Researchers at Romania-based BitDefender said the scheme, based on a backdoor called Edunet, was one of the most complicated and mysterious they've come across.

"It's not every day that you stumble on the workings of an honest-to-God hacking ring, let alone one that has a predilection for using military and university-run mail servers as spam relays," said Sorin Dudea, BitDefender's head of anti-virus research, in a statement.

The scam starts with junk emails that offer links to videos. When a user clicks on the link he is prompted to download a "media player" - something that should in itself ring alarm bells, since most videos currently use players embedded in a web page or in the operating system itself.

The "media player" download is in fact the Edunet backdoor, which creates a botnet used to attempt to send spam via a list of mail servers, BitDefender said.

One of the curiosities of Edunet is that these mail servers are mostly in the .edu and .mil domains. On these servers the botnet looks for open relays - a type of misconfiguration often used by spammers to disguise the real origins of the junk mail.

"It would be interesting to identify what, if anything, the institutions that own the targeted servers have in common," BitDefender's Dudea stated.

So far, the scheme doesn't seem to have been very effective, since none of the targeted servers actually host open relays, BitDefender said.

While the list of targets has remained fixed, the botnet takes its commands from a list of servers that is constantly changing, making it difficult to pin down where the commands are coming from, the company said.

(Copyright by PC World)


Do you have comment?!
Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising