Spammers hijack authentication mechanisms to send malware

Malware writers have created automated attacks that use a company's email authentication system to send spam masquerading as trusted traffic. Once a compromised desktop is shut down, another appears instantly as a new spam relay, suggesting the hacker underground has refined a technique previously seen only on the small scale.

"It's very likely this will be commoditized quickly," said Peter McNeil, chief science officer for Gulf Breeze, Fla.-based AppRiver LLC, a content filtering vendor that blocks spam through its e-mail security managed services. "There are a wide range of people who send out spam through viruses. It starts at the high end, with the people that write viruses and create password cracking software. Once the software's written, it's instantly available to the low-end [script kiddies], where they can just download it. At that point, the capability is largely available to anyone interested in doing it." Spammers hijack authentication mechanisms to send malware

Linked by shanmuga Thursday, 11th May 2006 8:20AM