Worm Aims to Disarm Spam Fighters
(Wired) LONDON — Anti-spam organizations are the target of a new Internet worm outbreak that tries to knock them offline with a crippling data barrage, computer security experts said on Tuesday. Virus experts believe the worm, W32/Mimail-L, is the work of a vengeful spam e-mail peddler bent on paralyzing organizations that try to deal with spam, the torrents of get-rich-quick schemes and body-enhancement deals that clog in-boxes daily.
“It’s the third Mimail variation to come after us, except this one is trying to do more,” said Steve Linford, founder of The Spamhaus Project, a British-based group that singles out spammers. Spamhaus was hit by Mimail late on Monday.
According to anti-virus and spam-filtering company Sophos Plc, the Mimail-L program comes as an attachment to an e-mail purporting to be from a woman named Wendy who details an erotic encounter and then offers naked photographs.
Clicking on the attachment activates the virus. Once triggered, the worm forwards itself to other e-mail users. The worm can also turn the affected PC into a “zombie,” which can then be remotely commanded to bombard one of a select group of targets, such as Spamhaus, with a disabling blizzard of data — a so-called denial-of-service attack.
In a new twist, a follow-up e-mail is sent to the infected user stating that an order for a CD containing images of child pornography will be delivered to their postal address.
To stop the order, the e-mail advises, they should respond to what appears to be an e-mail address for billing complaints, but which is actually an address belonging to one of the worm's eight targets.
“So many Internet users are flooding us with complaints about these child porn CDs that we supposedly ordered for them,” said Linford, adding that he was cooperating with police.
He believes the worm was the work of one of three organized spam gangs that traffic in stolen credit cards and have hit him with distributed denial-of-service (DDOS) attacks in the past.
“These guys write trojan (viruses), they carry out DDOS attacks and they get their money through selling stolen credit cards and spamming,” Linford said.
Virus experts said the outbreak was light compared to the rash of worms and viruses that plagued the Internet last summer. “We have had reports in the dozens, not in the hundreds,” said Graham Cluley, senior technology consultant for Sophos.
“But what this shows is that there is more evidence that virus writers and spammers are now colluding,” he added.
Security experts have been warning that some spammers have adopted virus-writing tactics to silence their biggest critics.
The stakes are high. Anti-spam organizations compile black-out lists of known spammers, which are then distributed to Internet service providers so that they can automatically reject messages coming from these sources.
“They are angry with us because we try to stop the spamming cycle,” Linford said.