Romanian security developer BitDefender has issued a warning about a fast spreading Trojan dubbed Spammer.HotLan.A which is using Hotmail and Yahoo accounts to send spam. According to BitDefencer some 15,000 accounts have already been compromised and the situation is likely to get much worse over the next few days.
Viorel Canja, BitDefender Antivirus Lab chief, told DaniWeb that “it’s hard to estimate how much spam has already been sent out, but there are at least 500 new accounts being created by the Trojan every hour.”
The worrying piece of this particular puzzle is the fact that the Trojan uses automatically-generated accounts, something that suggests spammers might have found a way to bypass the Captcha system so many of us depend upon to keep spambots out of forums, email and social networking systems.
Other than that, it is pretty much the same old same old: every active copy of the Trojan accesses an account, downloads encrypted spam from a website, decrypts it and sends on to a spam mail list of email addresses from yet another website. The spam being sent is currently leading users to a pharmacy product site, but expect that to change as the Trojan morphs over the next few days and weeks. Common spammer techniques are being used in the e-mail body text including Bayesian poisoning and the old corker, a random e-mail subject.
Check with your security vendor and make sure this threat is covered in the latest signature update file.