Botnet Used in Huge Spam Plot

Friday, May 31, 2013 @ 04:05 PM gHale


The Kelihos botnet is rearing its ugly head again as a massive Canadian pharmacy campaign sent out a large number of spam emails titled “Only 24 Hours Left to Shop.”

While such spam campaigns are not uncommon, there is one interesting aspect about this one. The spammers are using an old-school technique to make sure a large number of users receive the messages, said researchers at Cisco who found the campaign.


Instead of using some method to bypass spam filters, the spammers sent out a massive number of emails. Even if spam filters block 99.99 percent of the messages, the remaining 0.01 percent that reach their destination still represent a big number.

Another noteworthy point is that the Canadian pharmacy website promoted in the campaign can track the location of visitors and other information.

“They are tracking not only the country where the visitor is from, but there is a site identification number, a ‘heatmap’ cookie, a session identifier which lasts far into the future, and a ‘holiday’ cookie set to the value of ‘usps,’” said Cisco’s Jaeson Schultz. “This pharma gang is definitely intent on tracking their loyal customers and other visitors.”


