March 20, 2007
How Botnets Spread
Imagine receiving what seems to be an innocent email or instant message like the following:
From: Anton <Lorna@[removed].net>
Subject: look into future
just look at this :)
Plain text, no fancy HTML tricks. Just a friendly lure and a simple URL (if you were Korean, you'd readily notice the domain being a popular web hosting site). It might be a joke, or something cute, or funny.
If you were an Internet Explorer user on Windows, that click would be the last action you performed on your PC while it was still under your total control.
By doing all of the Trojan loading via VBScript, the malware propagator is self-selecting users of Internet Explorer on Windows. Other browsers and operating systems do not execute VBScript in web pages. But that's not to say that a future attempt won't exploit an unpatched security hole in some other browser or OS.
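The reliance on VBScript also gives a mail or web gateway something concrete to check for in a fetched page. The following is an added example, not code from the original post: it flags every place an HTML page asks the browser to run VBScript. The function and class names and the sample page are constructed for illustration.

```python
from html.parser import HTMLParser


class VBScriptFinder(HTMLParser):
    """Records each place in an HTML page that asks the browser to run VBScript."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, reason) tuples

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        # Attribute names arrive lower-cased; normalise the values as well.
        attrs = [(name, (value or "").strip().lower()) for name, value in attrs]
        if tag == "script":
            declared = dict(attrs)
            # <script language="VBScript"> or <script type="text/vbscript">
            if declared.get("language", "").startswith("vbs"):
                self.findings.append((line, "script language=" + declared["language"]))
            elif declared.get("type", "").startswith("text/vbs"):
                self.findings.append((line, "script type=" + declared["type"]))
        for name, value in attrs:
            # vbscript: URLs (href, src) and vbscript:-prefixed event handlers
            if value.startswith("vbscript:"):
                self.findings.append((line, name + " uses a vbscript: value"))


def find_vbscript(html):
    """Return [(line, reason), ...] for every VBScript trigger found in html."""
    finder = VBScriptFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: harmless placeholder script bodies, no real payload.
SAMPLE_PAGE = """<html><body>
<p>just look at this :)</p>
<script language="VBScript">
' placeholder comment standing in for the loader
</script>
<a href="VBScript:MsgBox(1)">more</a>
<script type="text/javascript">var x = 1;</script>
</body></html>"""

if __name__ == "__main__":
    for line, reason in find_vbscript(SAMPLE_PAGE):
        print(f"line {line}: {reason}")
```

A match is a triage signal, not a verdict: it says the page targets Internet Explorer's script engine, not what the script does.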
It is the simple email messages like this one that make it imperative to train the world's email users to be suspicious of literally every email and instant message arriving at their machines. Spam filters have a hard time identifying such messages as spam. Malware distribution sites like these can be set up in seconds on free hosting services around the world—making it difficult for every bad URL to be captured by services that attempt to pre-warn users about potentially bad pages.
How long will ISPs and corporate email server administrators (and their management) continue to ignore the "last mile" of defense—the user?
Posted on March 20, 2007 at 12:05 PM