Friday, May 02, 2008

Botnet Targets .EDU and .MIL Systems

Matthew Broersma writes on TechWorld.com:

Security researchers have discovered a complex spamming scheme that hijacks users' PCs in order to attempt to send junk mail via university and military systems.

Researchers at Romania-based BitDefender said the scheme, based on a backdoor called Edunet, was one of the most complicated and mysterious they've come across.

The scam starts with junk emails that offer links to videos. When a user clicks on the link he is prompted to download a "media player" - something that should in itself ring alarm bells, since most videos currently use players embedded in a web page or in the operating system itself.

The "media player" download is in fact the Edunet backdoor, which creates a botnet used to attempt to send spam via a list of mail servers, BitDefender said.

One of the curiosities of Edunet is that these mail servers are mostly in the .edu and .mil domains. On these servers the botnet looks for open relays - a type of misconfiguration often used by spammers to disguise the real origins of the junk mail.

More here.

0 Comments:

Post a Comment

<< Home