Pump-and-dump bot war?

Summary: Security researchers are seeing signs of gang warfare among pump-and-dump spam scammers.


In one scenario spotted by Websense Security Labs, two separate spam runs were launched earlier this week, attempting to lure targets into buying a penny stock.

It was the usual image spam that included a Web forum component where the stock was also being pumped on financial newsgroups and Web forums.

However, according to Websense, the second spam message -- sent hours after the original -- had a noticeable link embedded at the top. The link pointed to a compromised Web server that was rigged with a downloader from a do-it-yourself malware creation kit called "RootLauncher."

RootLauncher, which is available for sale at underground hacker sites, includes scripts that simplify the task of infecting computers and sending sophisticated spam e-mail.

Websense discovered that the malicious code that gets downloaded and run has the sole purpose of making the target machine inoperable. "[It] does nothing except reboot your machine over and over. Users have to boot into safe mode or off a disk and clean the machine in order to make it work again," the company explained.

This is a clear sign that the second spam run is not affiliated with the first. As Websense speculates, the motive behind disabling the victim's computer might be linked to the fact that a competing spam group wants to prevent the sale of the penny stock after it had been purchased.

It could also mean that a rival bot herder took control of a botnet and modified the e-mail with the added link, all part of a plot to disrupt the scam.


Talkback

2 comments
  • This sounds like a good way to force users to update

    or reinstall and update. ahah
    Been_Done_Before
  • WoW, You have Spam

    Good Job.
    PghNative