Spam Bots

Ahh, spam bots.

The bots that flood your mom's or dad's email accounts with random junk. Spam can be merely annoying, or it can carry malicious content that compromises the device it lands on. Much of the time spam bots serve a malicious purpose, most commonly spreading a Trojan or a virus to a person's computer so that it can move through the network and cause serious damage. Spam operations are often more complex than that, though.

Spam bots are bots that harvest credentials and email addresses and then blast a huge volume of spam at every user on a mailing list in one go. Most of the spam pretends to come from a business, a co-worker at your workplace, or a subscription service the user was previously, or is currently, subscribed to. A typical spam email looks similar to this:

A Typical Spam Email

Most spam emails carry attachments that look very convincing. Instead of what they claim to be, they can contain something malicious: an IP grabber, a password logger, or outright destructive malware. Two common ways of running this kind of campaign are a PHP mailer and a malware spammer.

A PHP mailer is when the attacker takes compromised websites (hacked sites are easy to come by, because outdated, unmaintained installations of WordPress, Joomla and similar platforms, as well as sites on free hosts such as Weebly, are riddled with well-known vulnerabilities) and uses them to host a PHP script that sends the spam to a list of addresses the attacker has either compiled or bought from a shop. This type of spam is very common because there is a near-infinite supply of outdated sites, so it is practically impossible to blacklist every site the spam comes from.
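If you run a site that could be hosting one of these dropped mailers, the defender's first question is "is there a PHP file in my web root that I did not put there and that sends mail?". The following is an added example written for this post, not code from either cited source: a heuristic scanner that walks a web root, scores each PHP file on indicators typical of dropped mailer scripts (a mail() call or raw SMTP socket, base64/eval obfuscation, recipients taken straight from the request, the execution time limit switched off), and reports files over a threshold. The indicator list, the weights, the threshold and the two sample files are all constructed for this example and are assumptions, not a vendor signature set.

```python
"""Heuristic scan of a PHP web root for dropped spam-mailer scripts (example code)."""
import os
import re
import tempfile

# Each indicator: (regex, weight, description). Weights are this example's assumptions.
INDICATORS = [
    (re.compile(r"\bmail\s*\(", re.I), 2, "calls mail()"),
    (re.compile(r"\bfsockopen\s*\([^)]*,\s*25\b"), 3, "opens a raw SMTP socket"),
    (re.compile(r"\b(base64_decode|gzinflate|str_rot13)\s*\(", re.I), 2, "decodes an obfuscated payload"),
    (re.compile(r"\beval\s*\(", re.I), 3, "eval() of generated code"),
    (re.compile(r"\$_(POST|GET|REQUEST)\s*\[\s*['\"](to|emails?|list|rcpt)['\"]\s*\]", re.I), 3,
     "recipient list taken from the request"),
    (re.compile(r"\bset_time_limit\s*\(\s*0\s*\)", re.I), 1, "disables the execution time limit"),
]

THRESHOLD = 5  # assumption: tune after a baseline scan of a known-clean site


def score_php(source: str):
    """Return (score, [descriptions]) for one PHP source text."""
    hits = [(w, d) for rx, w, d in INDICATORS if rx.search(source)]
    return sum(w for w, _ in hits), [d for _, d in hits]


def scan_webroot(root: str, threshold: int = THRESHOLD):
    """Walk root; return {relative_path: (score, reasons)} for PHP files at or above threshold."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".php5")):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    score, reasons = score_php(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the whole scan
            if score >= threshold:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = (score, reasons)
    return findings


# Constructed samples: a benign contact form and an obfuscated mailer dropped under uploads/.
# The base64 blob is just "foreach($to as $r) mail($r, $_POST['subj'], $_POST['body']);".
SAMPLES = {
    "contact.php": (
        "<?php\n$msg = htmlspecialchars($_POST['message']);\n"
        "mail('owner@example.com', 'Contact form', $msg);\n"
    ),
    "wp-content/uploads/cache.php": (
        "<?php\nset_time_limit(0);\n"
        "$to = explode(',', $_POST['emails']);\n"
        "eval(base64_decode('Zm9yZWFjaCgkdG8gYXMgJHIpIG1haWwoJHIsICRfUE9TVFsnc3ViaiddLCAkX1BPU1RbJ2JvZHknXSk7'));\n"
    ),
}


def demo():
    """Write the constructed samples to a temp dir, scan it and return the findings."""
    with tempfile.TemporaryDirectory() as root:
        for rel, body in SAMPLES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_webroot(root)


if __name__ == "__main__":
    for path, (score, reasons) in demo().items():
        print(f"{path}: score {score} -> {', '.join(reasons)}")
```

The contact form scores 2 (it calls mail(), which plenty of legitimate code does) and stays below the threshold; the dropped file scores 9 because it combines obfuscation, eval and a request-supplied recipient list. Scoring on combinations rather than on any single call is what keeps a scan like this from flagging every contact form on the site.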

A malware spammer, the second most common type used by attackers, is a more brutal attack. First, the attacker buys or builds malware to attach to the spam, so that once a victim is infected, the victim's own machine and IP address are used to send more spam. The more people the attacker infects, the more IP addresses they can send from. To get the campaign started they need email-server credentials, that is, SMTP accounts, which they can likewise buy or harvest. After the malware infects your system, it sends spam out to other people, who are now about to become victims themselves.

Most of the credentials attackers use for spam bots come either from huge public database leaks (LinkedIn and the like) or from very weak passwords (123456, password, and so on). Using strong, unique passwords is an important way to avoid becoming a spam bot's next sending account. Another way to prevent spam is to turn filters on. Filters sort a lot of the bad stuff from the good stuff, but they can also hide some of the good stuff, so add the addresses you trust to a whitelist. A third way to prevent spam is to simply AVOID it: if something looks suspicious, delete it or move on. Don't risk getting infected and becoming a victim. It's better to play it safe than to take the risk.
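What a filter with a whitelist actually does with a message like the co-worker or subscription-service lookalikes described above is worth seeing in code. The block below is an added example for this post, not code from either cited source. It parses a raw message with Python's standard email library and applies three checks that the advice above implies: a display name that matches a known colleague or brand but comes from an outside domain, a Reply-To that points somewhere other than the From address, and an attachment whose final extension is executable (including the classic invoice.pdf.exe double extension). Senders on the whitelist skip the checks entirely. The domain set, the list of known names, the whitelist entries, the extension list and the three sample messages are all constructed for this example.

```python
"""Header and attachment triage for an inbound message, with a whitelist (example code)."""
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

OUR_DOMAINS = {"example.com"}                    # assumption: the organisation's own domains
KNOWN_NAMES = {"alice smith", "payroll team"}    # assumption: names an impostor would borrow
WHITELIST = {"newsletter@trusted-vendor.net"}    # assumption: senders never to quarantine
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".bat", ".cmd", ".ps1", ".hta", ".lnk"}


def triage(raw: str):
    """Return (verdict, reasons); verdict is 'allow', 'deliver' or 'quarantine'."""
    msg = message_from_string(raw, policy=policy.default)
    from_name, from_addr = parseaddr(str(msg.get("From", "")))
    from_addr = from_addr.lower()
    from_domain = from_addr.rsplit("@", 1)[-1] if "@" in from_addr else ""

    if from_addr in WHITELIST:
        return "allow", ["sender on whitelist"]

    reasons = []

    # 1. Familiar display name, unfamiliar sending domain: the co-worker lookalike.
    if from_name.strip().lower() in KNOWN_NAMES and from_domain not in OUR_DOMAINS:
        reasons.append(f"display name '{from_name}' impersonates a known sender from {from_domain}")

    # 2. Replies silently redirected to a different mailbox.
    _, reply_addr = parseaddr(str(msg.get("Reply-To", "")))
    if reply_addr and reply_addr.lower() != from_addr:
        reasons.append(f"Reply-To {reply_addr} differs from From {from_addr}")

    # 3. Executable attachment, including double extensions such as invoice.pdf.exe.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        exts = ["." + e for e in name.split(".")[1:]]
        if exts and exts[-1] in RISKY_EXTENSIONS:
            kind = "double extension" if len(exts) > 1 else "risky extension"
            reasons.append(f"attachment '{name}' has a {kind}")

    return ("quarantine" if reasons else "deliver"), reasons


def build_sample(from_hdr, reply_to=None, attachment_name=None):
    """Construct a raw RFC 5322 message for the demo; all content is made up."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "bob@example.com"
    m["Subject"] = "Updated invoice"
    if reply_to:
        m["Reply-To"] = reply_to
    m.set_content("Please see the attached document.")
    if attachment_name:
        m.add_attachment(b"MZ\x90\x00", maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_string()


# Constructed samples: a lookalike of a colleague, a genuine internal mail, a whitelisted sender.
SAMPLES = {
    "colleague_lookalike": build_sample("Alice Smith <alice.smith@example-mail.net>",
                                        reply_to="collect@example-mail.net",
                                        attachment_name="Invoice_2024.pdf.exe"),
    "internal": build_sample("Alice Smith <alice@example.com>",
                             attachment_name="Invoice_2024.pdf"),
    "whitelisted": build_sample("Trusted Vendor <newsletter@trusted-vendor.net>",
                                reply_to="bounce@other.net"),
}


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        verdict, reasons = triage(raw)
        print(f"{label}: {verdict}", *[f"  - {r}" for r in reasons], sep="\n")
```

The lookalike trips all three checks and is quarantined, the internal mail with a real PDF is delivered, and the whitelisted vendor is allowed even though its Reply-To would otherwise have been flagged. That last case is exactly the trade-off the paragraph above describes: the whitelist keeps wanted mail from disappearing, so it has to be curated carefully, since anything on it bypasses the checks.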

Spam bots are also heavily overlooked by malware researchers. The spam-bot business is a very creative one that connects and interacts with many other kinds of cybercrime business. Around spam bots you can find phishers, password-stealer botmasters, website scanners, malware and dropper developers, payload hosters, and so forth. So if you are a malware researcher, the spam-bot business is definitely worth looking into.

Sources: https://benkowlab.blogspot.com.au/2017/08/from-onliner-spambot-to-millions-of.html

https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

(I found this after hearing about the spam bot breach that leaked 711 million emails, and that is my inspiration for making this blog post.)