A recent outbreak of malicious spam is reportedly responsible for 45% of the total spam online.  The Srizbi is a renowned Trojan that is advanced and effective.  This spamming malware has managed to increase the spam that contains the URLS to websites that also host more copies of the malicious program.  The program is designed in such a way that it is able to conceal its treacherous network activities and remain undetected by sniffer products.

The spam messages include a link that allegedly contains a naked movie of the recipient.  The message is made more convincing by using the recipient’s actual name and advising the read to watch the video to see that it’s true.  Unfortunately, as soon as the user clicks on the link, his or her system becomes infected and forms a growing part of the Srizbi botnet.

The spammers involved are taking advantage of naïve recipients who are quick to view the fake footage.  These unsuspecting individuals have no idea that the message actually contains malware meant to compromise their computer system. 

This tactic is certainly not a new one and has been used by many other spammers.  However, the effectiveness of the recent Srizbi botnet has propelled it to the top of list of the world’s largest, overtaking another famous botnet called Storm.

The Srizbi botnet is also known as “Cbeplay” and “Exchanger” and it contains a network of 315,000 bots that can product an astounding 60 billion email messages every day!  Ironically, the Storm botnet obtained more publicity, although it contains only 85,000 hijacked systems with only 35,000 of them designed to distribute spam.

Thousands of teachers and students at Portland State University (PSU) received phishing emails recently. The email messages were designed to appear as if they had been sent by the university’s IT and User Support Services departments. The content of the email messages differed. However, they all requested users to disclose their passwords and usernames to the sender.

Spammers often generate this type of attack which is called “spear phishing.” The email accounts of many campus students in Oregon have been threatened by these spam attacks. Phishing involves scammers sending out bulk email messages that appear to be sent from trusted organizations such as financial institutions to convince users to respond. By pretending to be a trusted representative of the organization, the scammers are often able to establish trust of recipients.

The Associate CIO of Technology Services at PSU, Janaka Jayawardena, reported that the scammers got personal in this latest attack. The spear phishers decided to impersonate Jayawardena in the spam email messages. Although most recipients chose to report or ignore the emails, some users responded. Unfortunately, scammers were then able to compromise their email account and sent out mass emails using those accounts.

Jayawardena expresses concern that these spear phishers may target the PSU’s Student Information System, BanWeb. If these accounts are compromised, spammers could access students’ confidential information such as financial aid details, school schedules and contact details.

Email hosting firms such as Yahoo! and Hotmail began to notice a flood of spam email messages from pdx.edu accounts. They ended up blacklisting incoming emails from all Portland State users.

IT officials at the university believe these latest attacks were instigated by multiple groups, rather than just one. However, they have not identified who is responsible. Some of the ISPs have been traced to phishers in Nigeria and India, although many attackers used an ISP anonymizer program called Tor which disables any attempts at tracking.