Orange County Security SIG

Notes and comments of a Special Interest Group on computer security.

November 05, 2006

 

Spamthru

Well, it's official now. Malware is the most secure thing on many computers and Internet sites today. I was reading a few lists of big security mistakes when a very sophisticated web robot started going around, one that has many features to combat any attempt to compromise it. I will use that robot (bot) to highlight some of the security actions I've talked about before. The three lists cover places that private information has been lost because the data wasn't encrypted, sites that can be used for Cross-Site Scripting, and banks that don't encrypt logins.

The bot, "Spamthru", is a very complicated money-making spambot that promotes a stock pump-and-dump scheme. This trojan was found by the famous malware researcher Joe Stewart of LURHQ (now owned by SECUREWORKS). It is based on spyware dating back to March, but a new version was found in October. It is much more complex than previous spambots like Sober, Bobax, or Bagle. Its complexity rivals some commercial software. I guess you could call spam a business endeavor, which would give the writers motivation to produce a quality product. While there have been programs that automate sending spam before, Spamthru uses some techniques that set it apart from its predecessors. Some of the techniques listed have been used before, but a couple are brand new ideas.

What it does:

How to protect yourself from it:

How to clean yourself of it:

X-CLEANER removes SPAMTHRU on a desktop, and both RTGuardian and G.E.M. handle enterprise networks.
MISC URLS

XSS hall of shame: www.nist.org/nist_plugins/content/content.php?content.61
Banks that use insecure logins: www.securewebbank.com/loginssluse.html
Non-Encryption hall of shame: www.nist.org/nist_plugins/content/content.php?content.54
AUTORUNS and TCPVIEW: sysinternals.com
CCLEANER: ccleaner.com
WINPATROL: winpatrol.com
SPYBOT S&D: www.safer-networking.org/en/download/
X-CLEANER: www.xblock.com
RTGuardian and GEM: facetime.com

My discussion of SPAMTHRU is just an overview based on analysis performed by others:

www.secureworks.com/analysis/spamthru/
www.spywareguide.com/spydet_3023_spamthru.html
www.darkreading.com/document.asp?doc_id=107951
www.eweek.com/article2/0,1895,2034680,00.asp




Experience the computer club and all its SIG groups that meet at Chapman University, California on the 1st Sunday of every month.

SECSIG meets in the Science building 203 at 11:15 am.

By attending the SECSIG you can ask questions and open discussions about troubling situations you are having now.

The RSS feed address is http://ocsecsig.blogspot.com/atom.xml

Dave Keays, SIG leader
