The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Monday, June 05, 2006

Circuit City unknowningly distributes spam bots

As reported in ZDNet and the Washington Post: Circuit City learned that their customer forum had been hacked, exposing their users to infection by a spam bot called Galapoper.C. Estimates are that between 80 and 200 registered customers were exposed. It's impossible to know how many were actually infected, or how many unregistered users visited the site. Only unpatched versions of Internet Explorer* were vulnerable.

Circuit City has now installed a more secure version of their forum software.

Galapoper.C is a nasty piece of work which periodically connects to controlling web sites and downloads commands from those web sites. It can then download other software or updates to itself or send out spam. The spam is morphed every ten minutes or 70,000 messages, making it harder to filter. The good news is that Galapoper.C is not self-replicating or spreading, so the small number of infections from Circuit City's forum is not the threat it could have been.

In Brian Krebs' Washington Post article, he notes that the sites from which Galapoper.C gets its commands are in the same block of IP addresses in Russia as a group of servers he investigated earlier this year which are involved in keystroke logging, bogus anti-spyware software, and porn sites.

Suzi Turner, in her ZDNet article, points out that there are American servers affiliated with the bad Russian sites, most notably InterCage.


Post a Comment

<< Home