
Our folks in spyware research infected two machines with spam bots (the spam bots are only sending to our internal research network — all traffic to port 25 is redirected to our honeypot).

By infecting two machines with two different known spam Trojans (Trojan-Proxy.Win32.Lager.gen and FiveSec.Spam.Agent.vx), we were able to capture over 6,000 image spam messages in a period of only 35 minutes (the spam bots were running at different times). Incidentally, these Trojans are coming through Vxgames installs (nasty malware distributors).

So, with our bandwidth, these bots combined are capable of sending over 12,000 messages an hour, or a little over a quarter million messages a day. At one point, just one of the machines was pushing one megabit per second of spam email at the test server.

However, in real life the number would be lower, probably 60,000 to 80,000 messages per day (we’re dealing with fast DNS servers and gobs of bandwidth here, so our tests will always show higher rates than real-world conditions). Still, that’s an incredible number for one machine.

A few different samples of stock image spam picked up Friday in our “SpamTrap”, all promoting a stock for Aerofoam Metals (AFML):

[Images: stock image spam samples promoting AFML]

And here is that stock on Yahoo finance:

[Image: AFML on Yahoo Finance]

And that’s why you see so much spam.

Alex Eckelberry
(Credit to Sunbelt researchers Adam Thomas, Tom Robinson and Nick Suan)
