July 26, 2017

Storm Botnet Driving PDF Spam

The latest plague of spam arriving in PDF attachments probably comes from a stunningly huge botnet operated by some familiar names.

Inboxes all over the world have been force-fed the newest type of image spam. This time around, PDF attachments contain the spam message, with a couple of recent examples touting stocks in a typical pump-and-dump scam.

Matt Sergeant, senior anti-spam technologist at MessageLabs, discussed the outbreak with SecurityProNews. He attributed the uptick in activity to well-known operators in the spamming world:

“The Storm botnet is (probably) owned by a large-scale Russian spammer called Zliden with links to Kuvayev and Yambo. MessageLabs knows very little about the inside operations of it because obviously those spammers don’t want people to find out.

“This is being sent nowhere in particular: i.e. everywhere is getting it. And regarding where it’s from – the Storm botnet is enormous. Reasonable guesses would put it at around 5 or 10 million machines, but nobody can be exactly sure.”

Kuvayev is Leo Kuvayev, last seen fleeing from Massachusetts authorities in 2005 due to his role as ringleader of one of the world’s biggest spam rings.

The Storm worm has not only generated the PDF spam, but has been performing DDoS attacks through the botnet supporting it. It might be nice if US trade representatives could bring up Zliden and Kuvayev the next time they are chatting with their Russian counterparts about trade relations.

About David Utter
David Utter is a business and technology writer for SecurityProNews and WebProNews.