Thirty percent of spam is sent by computers that have been hijacked
by Remote Access Tools (RATs), according to Sophos. It's one of
several innovations by spammers and virus writers identified by the
anti-virus company during 2003.
In a summary of its work over the year, Massachusetts-based
Sophos revealed that it had detected 7,064 new worms, viruses and
Trojan horses. (Rival security firm Symantec provides a useful
explanation of the differences between worms, viruses and Trojan
horses.)
The year also brought new techniques for slipping spam through
scanners, including the tactic of mixing innocent and bad text and
using invalid HTML code or random characters to break up 'spammy'
words.
Other trends detected by the company included a significant rise
in the number of backdoor Trojans being used to implant RATs. These
can be used for many purposes, such as obtaining personal
information from the infected computer, but Sophos speculates that
a large number are being used for the sending of spam.
In fact, Sophos estimates that 30% of the world's spam is sent from
compromised computers, suggesting that spammers and virus authors
are joining forces. This combination theory is supported by the Mimail-E
and Mimail-H worms which recently used infected computers as a
launch pad for denial of service attacks on several anti-spam
websites.
Sophos says the purpose behind viruses is also changing, from a
simple desire to create havoc to one of obtaining financial
reward. According to Sophos, several worms attempted to extract
financial information from infected users during 2003. The most
prolific of these was Mimail-J, a worm that disguised itself as a
message from the PayPal on-line payment service. It duped users
into disclosing confidential credit card and PIN details.
Only today, MessageLabs, another security firm, has issued a
warning about a new variant, Mimail.M-mm. First detected last night
in the US, this self-propagating mass-mailer spreads with an
attachment called wendy.zip.
However, the worst worm in the course of the year was the
Sobig-F worm. It accounted for almost a fifth of all reports to
Sophos during 2003, making it the hardest hitting virus of the
year, although the top spot was hotly contested by the Blaster worm,
which attempted to knock a Microsoft site off the internet.
Both of these, plus the third-placed Nachi worm, hit
businesses and home users during August 2003, making it the worst
single month in virus history.
"Ironically some of the people worst impacted by Sobig-F were
the spammers," said Chris Belthoff, senior security analyst at
Sophos. "They found that they could not send their millions of
spams as easily because their e-mail gateways were deluged by Sobig
traffic."