Spam syndicate 2.0 — Under the hood of Spambots

Raashid Bhat, Spamhaus Project

Internet bots have been widely used for various beneficial and malicious activities on the web.Recent studies in social media spam and automation provide anecdotal argumentation of the rise of a new generation of spambots like heodo, necrus and tofsee. we extensively study the ecosystem of spambots and we provide quantitative evidence that a paradigm-shift exists in spambot design . Spam is probably the biggest vector of infection for both commodity and targeted malware. One of the reasons it has earned this position is thanks to spam botnets, malware that has only one job: to send as many malicious mails as possible. Most of these bots operate for years and are very resilient to takedowns, largely due to their complicated infrastructure and protocols.

we benchmark several advance techniques used by spambots today for Proliferation and lateral movement . Their Proliferation techniques include techniques includes advance methods , so that spambots stay undetected by endpoint security . We also describe their ecosystem and show how Spambots are used for other criminal activities other than juts spam for eg Mining, POS infection . We extensively detail how compromised computers create many revenue opportunities for spammer, who can sell them for bitcoin mining, click-fraud, spam distribution, and other services.

In recent years ‘takedowns’ of spambots is starting to diminish. We details how these spam bots have their network defenses and SOS’s to make take down defenses ineffective . Malware distribution is no longer a sideline for spammers , but the core business model. It is not about volume but clicks. we also did an extensive research on monetization approach of spammers behind these spambots

Spambots act as a delivery mechanism for various other botnets as well , this paper will explore how there is an overlaps not only between the distribution , but also the revenue sharing of these botnets . Meanwhile keeping the network endpoints of these spambots under scrutiny, some of the participating criminal providers were uncovered , we detail how these hosting providers are facilitating the distribution and working of these spambots

Session attendees will gain a clear understanding of Spambot ecosystem , the infection vectors and social engineering tricks deployed by the criminals that make it successful, and how one can better prepare for spambot attacks.

Raashid Bhat

The Dynamic Security Ecosystem
Other Topics