Intology - Intelligent Technology News
Computers Technology Internet Arts Business Science Sports

Rustock botnet which according to content security firm Marshal accounts for nearly 12.3% of spam is now exploiting users with shocking headlines to entice them into clicking the malicious link.

According to latest findings by Marshal, the botnet is mostly active in USA and China, and uses a variety of shocking and sensational headlines such as:

• Martian Soil Fantastic for Growing Weed Says NASA
• Obama killed in terrorist attack
• Yahoo sold to Microsoft, record price
• Martian Soil Fantastic for Growing Weed Says NASA
• Al Qaeda Reports Declining Revenues in Fiscal ‘08

Clicking on any link in the e-mail opens a website with fake web video and a popup window that prompts the user to install a file called “codecinst.exe” so that the video will play properly. Accepting it downloads and installs botnet on user’s PC.

Phil Hay, lead threat analyst for Marshal’s TRACE Team said:

One of the reason Rustock is using such headlines is to see which types of headlines solicit the most hits from recipients. They are trying to disguise the installation of the executable under a believable pretext.

Rustock botnet included more than 150,000 infected PCs and distributes close to 30 billion spam messages daily. It also goes by the aliases of RKRustok and Costrat.