Mespam You Spam We All Spam

Saturday, April 07, 2007
Author: Richard S. Westmoreland
Permalink: mespam-trojan-rsvp32_2
Anti-Spam


It's the new tactic in infection warfare. Why bring down computers when they can make you money?

Spam continues to rise, giving network administrators a headache trying to keep up with it.

CNET wrote an article about spam in 2004, stating that spam was about 38% of the 31 billion emails sent each day, up from 24% in 2002. This year, InformationWeek writes that by the end of the year over 90% of email will be spam. So given the improved antispam technology, where is all of this coming from?

Botnets.

And you may be participating without knowing it. A botnet is a distributed collection of zombies (machines infected with a trojan or bot) that communicate with a designated server. Together they can consume massive amounts of bandwidth, but individually they're barely noticeable. For every machine that is identified and cleaned, there are sure to be a few more to take its place.

Russian spammers recently deployed SpamThru, which downloads a pirated copy of Kaspersky AntiVirus and removes any competing malware. The botnet communicates with itself in a P2P fashion.

But not all spam is sent by email. One such infector is Trojan.Mespam. This trojan drops rsvp32_2.dll, among other files, then sends malicious URLs via instant messaging software and message boards.
  



Comment about Mespam You Spam We All Spam | 1 comments |


Mespam You Spam We All Spam
Authored by: Thomas on Saturday, April 28, 2007

Mespam is surely one of many newer spambot variants folks should be aware of. Increased email activity reported to you by your ISP is one sure sign of this type of infection. Mespam injects the rsvp32_2.dll into the system's Winsock layer, basically the interface between Windows and the Internet. Here it will go into action each time any network application is started, giving it direct access to net communications. It is often installed through a Peacomm infection, which uses rootkit technology to cloak its activities and establishes its own P2P communications with servers to download more infection and establish its spambot setup. Peacomm activity will be seen locally with system firewalls notifying the user of attempts by services.exe to access a remote address. Safe practices like those listed here can help many avoid being victimized by these infections. Those who think they may be infected should update their AntiVirus software and run a complete scan in Safe Mode (tap F8 at startup and select Safe Mode). Additional assistance in removal of this and other spambot variants is available here at the AntiSource Malware Removal Help forum.
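An added example, not part of the original article or the comment: a defender-side check for the Winsock-layer injection described in the comment above. It parses a provider listing in the format of `netsh winsock show catalog` and flags provider DLLs outside an expected set. The allow-list, the expected directory and the sample listing (including the directory shown for rsvp32_2.dll) are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: provider DLLs expected on this host; build the real list from a
# known-clean machine of the same Windows build.
EXPECTED_DLLS = {"mswsock.dll", "napinsp.dll", "pnrpnsp.dll", "nlaapi.dll", "winrnr.dll"}
EXPECTED_DIR = r"%systemroot%\system32"

# Constructed sample modelled on `netsh winsock show catalog` output. The
# directory for rsvp32_2.dll is made up; the page gives only the file name.
SAMPLE_CATALOG = r"""
Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        MSAFD Tcpip [TCP/IP]
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Winsock Catalog Provider Entry
------------------------------------------------------
Description:                        Example layered provider
Provider Path:                      %SystemRoot%\system32\rsvp32_2.dll
Catalog Entry ID:                   1015
"""

def parse_catalog(text):
    """Split the listing into one dict of 'Field: value' pairs per entry."""
    entries = []
    for block in re.split(r"^-{5,}\s*$", text, flags=re.M)[1:]:
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                fields[key.strip()] = value.strip()
        if "Provider Path" in fields:
            entries.append(fields)
    return entries

def suspicious_providers(entries):
    """Return (catalog entry id, path) for providers outside the expected set."""
    hits = []
    for e in entries:
        path = e["Provider Path"]
        folder, name = ntpath.split(path.lower())
        if name not in EXPECTED_DLLS or folder != EXPECTED_DIR:
            hits.append((e.get("Catalog Entry ID", "?"), path))
    return hits

if __name__ == "__main__":
    for entry_id, path in suspicious_providers(parse_catalog(SAMPLE_CATALOG)):
        print(f"review entry {entry_id}: {path}")
```

On a live host, pass the text output of `netsh winsock show catalog` to `parse_catalog` instead of the sample; a flagged entry is a prompt for review, since legitimate third-party software can also register providers.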