Analysis of Spam Thru botnet
Mark Sunner, Chief Security Analyst at MessageLabs, was among the many security analysts watching a Trojan called “Spam Thru”, a piece of malware designed to send spam from an infected computer, at the turn of last year. Spam Thru represented an exponential jump in the sophistication and complexity of these botnets, harnessing a 70,000-strong peer-to-peer botnet seeded with the Spam Thru Trojan. Spam Thru is also known by the aliases Backdoor.Win32.Agent.uu, Spam-DComServ and Troj_Agent.Bor.
Spam Thru was unique because it had its own antivirus engine, designed to remove any other malicious programs residing on the same infected host so that it could get unlimited access to the machine’s processing power and bandwidth. It also had the potential to be 10 times more productive than most other botnets while evading detection because of its built-in defences.
What worries Mark Sunner most is his suspicion that the major traffic spike towards the end of 2006 was merely a test run for equally, if not more, sophisticated botnets to follow. Sunner adds:
“With new levels of sophistication this has reached a real milestone. Botnets are getting smaller, more stealthy and more discreet and yet the volumes of spam are going up. Without a hint of scaremongering, will this get a lot worse throughout 2007 in terms of botnet sending? Absolutely, yes.”
The British IT security firm MessageLabs registered a dramatic increase in spam mail traffic from 64.4% to 72.9% late last year, all attributed to Spam Thru.



All of us have experienced the tremendous pains of spam. Who can remember the glory days of Hotmail's 2MB storage, when 85% of the inbox was filled with spam? While this plague is going to exist for some time yet, here are a few tips to overcome this issue and prevent spam from hitting your inbox.
