Ron Paul Spam Traced to Commercial Spammer

On October 30 we noted reports of a flurry of Ron Paul spam email; now we learn that researchers have tracked it to a commercial spammer using facilities in the US to control a “botnet”—a network of virus-infected “zombie” machines: Researchers track Ron Paul spam back to Reactor botnet.

The researchers analyzed header elements of the spam e-mails to trace them back to zombie systems that were infected with the Srizbi trojan, an unusual piece of malware with highly advanced features. According to Symantec research, which has independently studied Srizbi, the trojan is one of the first pieces of malware found in the wild to operate fully in kernel mode with no userspace code. Srizbi bypasses firewalls and packet sniffers by directly manipulating the kernel-level TCP/IP stack. The Srizbi trojan is largely propagated by the well-known msiesettings.com site, which is paid by spammers to deploy viruses and trojans for spam botnets.

SecureWorks collaborated with network administrators to analyze the traffic from some of the computers infected with Srizbi that were responsible for sending the Ron Paul spam. This allowed the researchers to discover the location from which the botnet was operated—a colocation facility in the US. The researchers collaborated with Spamhaus to get the server shut down and then obtained the source code used on the control system, a Python-based spam botnet management tool known as the Reactor Mailer. The logs present on the system prove that it was indeed the origin of the Ron Paul spam. Further research showed that other systems in the same colocation facility were also controlling various segments of the Srizbi botnet, and using it to transmit spam advertising replica watches and enlargement pills.

The evidence leads researchers to conclude that the Ron Paul spam was transmitted by a spammer called nenastnyj who operated a single node in a colocation facility and was likely affiliated with or renting access from the Reactor syndicate. The messages were transmitted by approximately 3,000 bots using a 3.4GB e-mail database file with over 160,000,000 addresses. …

Although it’s likely that somebody paid nenastnyj to transmit the Ron Paul spam, there is no evidence to indicate that it was anyone directly associated with the Ron Paul campaign.

(Hat tip: LGF readers.)
