Updates to IronPort’s 2008 Internet Security Trends Report confirmed that Storm and other botnet spam operations were profiting from commissions offered by illegal pharmaceutical traders for online advertising of their products.
IronPort’s research revealed that more than 80% of Storm botnet spam advertises online pharmacy brands; the spam is transmitted via a network of personal computers infected by the Storm worm Trojan using several sophisticated social engineering tricks and web-based exploits.
The report showed that spam templates, “spamvertized” uniform resource locators, website designs, credit card processing, product fulfillment and customer support were being provided by a Russian criminal organization that operates in conjunction with Storm.
This criminal organization recruits botnet spamming partners to advertise its illegal pharmacy websites; the partners receive a 40% commission on sales orders.
“Our previous research revealed an extremely sophisticated supply chain behind the illegal pharmacy products shipped after orders were placed on botnet-spammed Canadian pharmacy websites. But the relationship between the technology-focused botnet masters and the global supply chain organizations was murky until now. Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of $150m per year,” said Sebastien Commerot, Marketing Manager – Middle East, IronPort Systems.
IronPort-sponsored pharmacological testing revealed that two-thirds of shipments facilitated by the illegal pharmaceutical businesses contained active ingredients but were not of the correct dosage, while others were placebos.
As a result, consumers take a significant risk of ingesting an uncontrolled substance from overseas distributors.
Details on the Storm botnet and the connection with the supply chain can be found in IronPort’s “2008 Internet Malware Trends: Storm and the Future of Social Engineering” report.
This report also identifies various methods by which malware infects host PCs and bypasses security software, such as webmail spam, Google exploitation and iFrame infiltration.
The botnets studied tied spam campaigns to current events or websites of interest, using a blend of email and the web to propagate.
Additionally, these decentralized and highly coordinated attacks enabled a variety of Internet assaults, from email and blog spam to phishing, instant messaging attacks and distributed denial-of-service attacks.
Storm malware pioneered sophisticated social engineering, affecting 40 million computers around the world between January 2007 and February 2008.
At its peak in July 2007, Storm accounted for more than 20% of all spam messages and was active on 1.4 million infected computers simultaneously.
It continued to infect or reinfect about 900,000 computers per month.
By September 2007, the number of simultaneously active computers generating Storm messages had been reduced to 280,000 a day, and Storm messages accounted for 4% of all spam.
Storm currently represents only a fraction of the more than 161 billion spam messages sent daily, although its variants are still active.
“Spam has progressed into organized, complex, well-funded malware efforts rivaling the operations of legitimate software vendors. Malware programmers are even offering their products as complete solutions to boost efficiency and profitability. We highly advise businesses to adopt spam filtering; evaluate their web reputation; monitor port and communications; and continuously update their antivirus and antimalware products to prevent the spread of these internet threats,” concluded Ray Kafity, Regional Sales Manager – Middle East, North Africa and Pakistan, IronPort Systems.
Thursday, August 28, 2008 @ 11:47 UAE local time (GMT+4)